Boot issue in image generated by Packer

I copy the RockyLinux amd64 image to local using the following command:

lxc image copy images:rockylinux/9/cloud/amd64 local: --copy-aliases --auto-update --alias rocky9-cloud-amd64-vm --vm

I then use Packer to create an image called phase0 from rocky9-cloud-amd64-vm as a source. phase0 is able to boot successfully and get an IPv4 address. This involves booting the VM, waiting for it to get an IP, then running a sequence of exec calls using the lxc ExecInstance API to modify the running instance (i.e. installing some packages using dnf, copying some files in). Finally, I save the instance to a VM called phase1 using the lxc CreateImage API.

When I try to boot phase1 I run into issues. The VM never gets an IPv4 address. Looking into the boot console I see some issues (possibly SELinux related).

Here is a screenshot showing the issue. On the left is the phase0 VM, which boots successfully; on the right is the phase1 VM, which fails.

Further permission errors also appear to be SELinux related.

Just for reference, I tried to see if the kernel versions were different or were being booted with different arguments, but it looks like the arguments are the same.

In an attempt to fix the issue I tried to disable SELinux in the phase1 VM by execing the following commands, but when the p1 VM boots this has no effect.

sudo grubby --update-kernel ALL --args "selinux=0"
grub2-mkconfig -o /etc/grub2.cfg

Would appreciate any pointers on what to investigate further.

Was able to track this down. This was a self-inflicted wound.

I was installing Docker, which was pulling in SELinux. I was able to go down this path once I noticed that the stock RockyLinux 9 image does not have /etc/selinux/config while my p1 VM had it. Once I noticed that, it was a matter of bisecting things until I found the culprit - Docker!

Since this is for a homelab, I am temporarily mitigating this using the following in my provisioning script until I find a better solution:

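# /etc/selinux/config only exists once SELinux has been pulled in
if [ -f /etc/selinux/config ]; then
    echo "Permissive SELinux..."
    # Match only the SELINUX= directive so comment lines are left alone
    sudo sed -i "s/^SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
fi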

And now both p0 and p1 VMs boot successfully!

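The guard from the provisioning script, extended as an added example that is not part of the original posts: it reads and rewrites only the SELINUX= directive, reports "absent" when the file does not exist (as on the stock image), and confirms the resulting mode so the Packer build can fail early. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the mode set in an SELinux config file, "unset" if the file has no
# SELINUX= directive, or "absent" if the file does not exist (the state of
# the stock image described in the post).
selinux_config_mode() {
    cfg=${1:-/etc/selinux/config}
    [ -f "$cfg" ] || { echo absent; return 0; }
    # Only the SELINUX= directive counts; comments and SELINUXTYPE= do not match.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" | tail -n 1)
    echo "${mode:-unset}"
}

# Set the SELINUX= directive and nothing else.
# Returns 0 once the file reports the requested mode, 1 for an invalid mode,
# 2 if the file is absent, 3 if the directive could not be set.
selinux_set_mode() {
    cfg=$1
    want=$2
    case $want in
        enforcing|permissive|disabled) ;;
        *) return 1 ;;
    esac
    [ -f "$cfg" ] || return 2
    tmp=$(mktemp) || return 3
    # Write back through the existing file so its owner and permissions stay as they were.
    sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$want/" "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rm -f "$tmp"
    [ "$(selinux_config_mode "$cfg")" = "$want" ] || return 3
}

# Constructed sample in the layout of /etc/selinux/config, for trying the functions offline.
write_sample_config() {
    cat > "$1" <<'EOF'
# This file controls the state of SELinux on the system.
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}
```

In a provisioning script, run selinux_config_mode before and after each package step to see which step makes the file appear, then call selinux_set_mode /etc/selinux/config permissive as root and abort the build on a non-zero return.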