core: Don't try to apply non-root uid/gid when run as non-root

In an unprivileged case, we can't do this on the real filesystem. For `ex container`, we want to completely ignore uid/gid. I added a test installing `httpd` which failed previously. TODO: For non-root `--ex-unified-core` we need to do it as a commit modifier. Closes: #940 Approved by: jlebon
2017-11-16 14:46:40 -05:00 · 2017-11-16 14:46:40 -05:00 · 94e52abb03
commit 94e52abb03
parent be89b68873
2 changed files with 27 additions and 0 deletions
--- a/src/libpriv/rpmostree-core.c
+++ b/src/libpriv/rpmostree-core.c
@ -2682,6 +2682,14 @@ apply_rpmfi_overrides (RpmOstreeContext *self,
                       GCancellable  *cancellable,
                       GError       **error)
 {
+  /* In an unprivileged case, we can't do this on the real filesystem. For `ex
+   * container`, we want to completely ignore uid/gid.
+   *
+   * TODO: For non-root `--ex-unified-core` we need to do it as a commit modifier.
+   */
+  if (getuid () != 0)
+    return TRUE;  /* 🔚 Early return */
+
  int i;
  g_auto(rpmfi) fi = NULL;
  gboolean emitted_nonusr_warning = FALSE;
--- a/tests/ex-container-tests/test-httpd.sh
+++ b/tests/ex-container-tests/test-httpd.sh
@ -0,0 +1,19 @@
+#!/usr/bin/bash
+set -xeuo pipefail
+
+cd ${test_tmpdir}
+
+dn=$(cd $(dirname $0) && pwd)
+. ${dn}/../common/libtest-core.sh
+
+cat >httpd.conf <<EOF
+[tree]
+ref=httpd
+packages=httpd;
+repos=fedora;
+EOF
+
+# This one has non-root ownership in some of the dependencies, but we shouldn't
+# try to apply them; see apply_rpmfi_overrides().
+rpm-ostree ex container assemble httpd.conf
+ostree --repo=repo ls httpd /usr/sbin/httpd