Open
Description
I was poking around with bootc trying to do something akin to a "factory reset". I know this might not be the particular use case of to-existing-root, but I hit this issue anyway and figured it would be worth a report:
[core@cosa-devsh ~]$ sudo RUST_LOG=debug bootc install to-existing-root --source-imgref docker://quay.io/fedora/fedora-coreos:rawhide
DEBUG argv0="bootc"
DEBUG exec: "ostree" "--repo=/ostree/repo" "rev-parse" "--single"
error: Multiple commit objects found
ERROR Installing to filesystem: Creating source info from a given imageref: Task Reading ostree commit failed: ExitStatus(unix_wait_status(256))
It seems the use of "ostree" "--repo=/ostree/repo" "rev-parse" "--single" causes some problems because that will fail if there are multiple commits on the system as are there by default on our CoreOS OSTree systems we ship.
[core@cosa-devsh ~]$ rpm-ostree status
State: idle
Deployments:
● ostree-remote-image:fedora:docker://quay.io/fedora/fedora-coreos:testing-devel
Digest: sha256:be7bf296a0d9d0b35085365b34b9ce711aeef3adc9b5e908c0a3663873e4d888
Version: 42.20250525.dev.0 (2025-05-25T12:56:02Z)
[core@cosa-devsh ~]$ ostree refs | wc -l
53
I was running a locally built bootc from git main:
$ bootc --version
bootc 1.3.0
Note that I was able to workaround this by:
for ref in $(ostree refs | grep -v 'ostree/1/1/0'); do sudo ostree refs --delete $ref; done
sudo ostree prune --refs-only
But then fail at:
[core@cosa-devsh ~]$ sudo bootc install to-existing-root --source-imgref docker://quay.io/fedora/fedora-coreos:rawhide
ERROR Installing to filesystem: Ensuring selinux install_t type: Failed to enter install_t (running as unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023) - use BOOTC_SETENFORCE0_FALLBACK=1 to override
So I then try with that recommendation:
[core@cosa-devsh ~]$ sudo BOOTC_SETENFORCE0_FALLBACK=1 RUST_LOG=debug bootc install to-existing-root --source-imgref docker://quay.io/fedora/fedora-coreos:rawhide
DEBUG argv0="bootc"
DEBUG exec: "ostree" "--repo=/ostree/repo" "rev-parse" "--single"
DEBUG Target image reference: ostree-unverified-registry:quay.io/fedora/fedora-coreos:rawhide
DEBUG Already mounted from host: /dev
DEBUG Already mounted from host: /var/lib/containers
DEBUG Already mounted from host: /var/tmp
DEBUG Setting up sys mounts
DEBUG Target has SELinux, host=true
DEBUG Setting up sys mounts
DEBUG Current security context is unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
DEBUG Lacking install_t capabilities; copying self to temporary file for re-exec
DEBUG Created "/tmp/.tmp2aZ2KM"
DEBUG exec: _bootc_selinuxfs_mounted="/tmp/.tmp2aZ2KM" "/tmp/.tmp2aZ2KM" "install" "to-existing-root" "--source-imgref" "docker://quay.io/fedora/fedora-coreos:rawhide"
DEBUG argv0=".tmp2aZ2KM"
DEBUG exec: "ostree" "--repo=/ostree/repo" "rev-parse" "--single"
DEBUG Target image reference: ostree-unverified-registry:quay.io/fedora/fedora-coreos:rawhide
DEBUG Already mounted from host: /dev
DEBUG Already mounted from host: /var/lib/containers
DEBUG Already mounted from host: /var/tmp
DEBUG Setting up sys mounts
DEBUG Target has SELinux, host=true
DEBUG Setting up sys mounts
DEBUG Current security context is unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
DEBUG Removing temporary file
WARN Failed to enter install_t; temporarily setting permissive mode
DEBUG Set SELinux mode: permissive
DEBUG SELinux state: Enabled(Some(SetEnforceGuard(Some(()))))
Installing image: docker://quay.io/fedora/fedora-coreos:rawhide
DEBUG No install configuration found
DEBUG Mounting host / to /target
DEBUG Set SELinux mode: enforcing
ERROR Installing to filesystem: Read-only file system (os error 30)
I think what I have here is maybe a fundamental misunderstanding of how to-existing-root is supposed to work.