From df83c629201f3955dfb07016c31409d85f376a29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= <thozza@redhat.com>
Date: Thu, 18 Jul 2024 21:35:31 +0200
Subject: [PATCH] Mockbuild: workaround a SELinux policy issue on c10s.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SELinux policy forbids systemd-machined from creating a varlink socket,
which it does since v256. This makes it fail to start. Subsequently,
mock fails to build the RPM, because it uses systemd-nspawn as an
isolation and it fails to register the machine with systemd-machined.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
---
 schutzbot/mockbuild.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/schutzbot/mockbuild.sh b/schutzbot/mockbuild.sh
index f3fcb66c..2c7f83e9 100755
--- a/schutzbot/mockbuild.sh
+++ b/schutzbot/mockbuild.sh
@@ -135,6 +135,14 @@ if [[ ($ID == rhel || $ID == centos) && ${VERSION_ID%.*} == 10 ]]; then
     sudo dnf copr enable -y @osbuild/centpkg "centos-stream-10-$(uname -m)"
 fi
 
+# TODO: Remove this workaround, once https://issues.redhat.com/browse/RHEL-49567 is fixed
+# We can't workaround this in mock config due to https://github.com/rpm-software-management/mock/pull/1410
+if [[ $ID == centos && ${VERSION_ID%.*} == 10 ]]; then
+    sudo setenforce 0
+    sudo systemctl restart systemd-machined.service
+    sudo setenforce 1
+fi
+
 # Install requirements for building RPMs in mock.
 greenprint "📦 Installing mock requirements"
 dnf_install_with_retry createrepo_c make mock python3-pip rpm-build s3cmd