tree compose: Delete .dbenv.lock and __db.* files from /usr/share/rpm
Currently on an Atomic compose, I'm seeing abrtd trying to write to /usr/share/rpm/.dbenv.lock, which is denied by policy because it's usr_t. There are multiple ways to address this, but there's no good reason to leave the lock files and __db* files around. rpm appears to operate correctly without them if calling process merely gets EROFS.
This commit is contained in:
parent
c8c54d5095
commit
1613435f7d
@ -15,7 +15,7 @@
|
||||
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
privlib_SCRIPTS =
|
||||
privlib_SCRIPTS = src/rpmqa-sorted-and-clean
|
||||
|
||||
bin_PROGRAMS += rpm-ostree
|
||||
|
||||
|
@ -780,12 +780,16 @@ compute_checksum_for_compose (JsonObject *treefile_rootval,
|
||||
json_node_free (treefile_rootnode);
|
||||
}
|
||||
|
||||
/* Query the generated rpmdb, to see if anything has changed. */
|
||||
{
|
||||
int estatus;
|
||||
/* Ugly but it works... */
|
||||
gs_free char *rpmqa_shell = g_strdup_printf ("rpm --dbpath=%s/var/lib/rpm -qa | sort -u",
|
||||
gs_file_get_path_cached (yumroot));
|
||||
const char *rpmqa_argv[] = { "/bin/sh", "-c", rpmqa_shell, NULL };
|
||||
gs_free char *yumroot_var_lib_rpm =
|
||||
g_build_filename (gs_file_get_path_cached (yumroot),
|
||||
"var/lib/rpm",
|
||||
NULL);
|
||||
const char *rpmqa_argv[] = { PKGLIBDIR "/rpmqa-sorted-and-clean",
|
||||
yumroot_var_lib_rpm,
|
||||
NULL };
|
||||
gs_free char *rpmqa_result = NULL;
|
||||
|
||||
if (!g_spawn_sync (NULL, (char**)rpmqa_argv, NULL,
|
||||
@ -793,12 +797,16 @@ compute_checksum_for_compose (JsonObject *treefile_rootval,
|
||||
&rpmqa_result, NULL, &estatus, error))
|
||||
goto out;
|
||||
if (!g_spawn_check_exit_status (estatus, error))
|
||||
goto out;
|
||||
{
|
||||
g_prefix_error (error, "Executing %s: ",
|
||||
rpmqa_argv[0]);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!*rpmqa_result)
|
||||
{
|
||||
g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
|
||||
"Empty result from %s", rpmqa_shell);
|
||||
"Empty result from %s", rpmqa_argv[0]);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
34
src/rpmqa-sorted-and-clean
Executable file
34
src/rpmqa-sorted-and-clean
Executable file
@ -0,0 +1,34 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# An ugly shell script to get the sorted output of "rpm -qa", and also
|
||||
# ensure that leftover __db files are deleted afterwards. This helps
|
||||
# avoid things like SELinux policy denials from processes that try to
|
||||
# write to the lock file if it exists (as they'd try to write to
|
||||
# usr_t).
|
||||
#
|
||||
# Copyright (C) 2014 Colin Walters <walters@verbum.org>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Lesser General Public License as published
|
||||
# by the Free Software Foundation; either version 2 of the licence or (at
|
||||
# your option) any later version.
|
||||
#
|
||||
# This library is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
# Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General
|
||||
# Public License along with this library; if not, write to the
|
||||
# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
|
||||
# Boston, MA 02111-1307, USA.
|
||||
|
||||
set -e
|
||||
dbpath=$1
|
||||
test -n "$dbpath" || (echo 1>&2 "usage: $0 DBPATH"; exit 1)
|
||||
shift
|
||||
set -o pipefail
|
||||
rpm --dbpath=${dbpath} -qa | sort
|
||||
set +o pipefail
|
||||
rm -f ${dbpath}/__db.* ${dbpath}/{.dbenv,.rpm}.lock
|
||||
|
Loading…
Reference in New Issue
Block a user