cross_compile does not adjust SELinux policies of the workspace

[tobiasblass]

Description

cross_compile needs to mount the workspace into the docker container. This is not allowed by the default SELinux policy (at least on Fedora), which causes "permission denied" errors.

Expected Behavior

I guess the most convenient solution would be if the cross_compile-tool authomatically relabeled the workspace. The docker CLI tool does this if you add :z after the mount specification, i.e., something like docker run -v $HOME/ros_cross:/ws:z <image ID>.

If that doesn't work, or if you feel uneasy changing security labels on the system without notice, a short hint in the documentation that SELinux might cause issues might already be enough.

Actual Behavior

The tool aborts during the rosdep gathering with a Permission denied error.

INFO:Docker Client:+ rosdep update
INFO:Docker Client:Warning: running 'rosdep update' as root is not recommended.
...
INFO:Docker Client:updated cache in /root/.ros/rosdep/sources.cache
INFO:Docker Client:+ cat
INFO:Docker Client:/root/gather_rosdeps.sh: line 21: cc_internals/armhf-ubuntu-dashing/install_rosdeps.sh: Permission denied

To Reproduce

Install the tool and run ros_cross_compile <workspace> --arch armhf --os ubuntu --rosdistro dashing on a Fedora machine.

System (please complete the following information)

• OS: Fedora 30
• ROS 2 Distro: Dashing

Additional context

Unfortunately, it seems like the docker Python API does not have an easy "please make it work with SELinux" option like the CLI has, and I know neither docker nor SELinux well enough to contribute a patch.

[emersonknapp]

Thanks for reporting this - it's good to know that it largely works on Fedora, it hasn't been tested at all on that platform. Putting this on the backlog.