From ab7431c458301cf2121e403a0637056a8347f14c Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Sat, 11 Mar 2017 10:43:42 -0500 Subject: [PATCH] core: Apply rpmfi overrides for /etc to /usr/etc This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon --- src/libpriv/rpmostree-core.c | 6 ++++++ tests/common/compose/yum/nonrootcap.spec | 5 ++++- tests/vmcheck/test-layering-non-root-caps.sh | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/libpriv/rpmostree-core.c b/src/libpriv/rpmostree-core.c index c88f6503..136b5b40 100644 --- a/src/libpriv/rpmostree-core.c +++ b/src/libpriv/rpmostree-core.c @@ -2230,6 +2230,7 @@ apply_rpmfi_overrides (int tmp_metadata_dfd, while ((i = rpmfiNext (fi)) >= 0) { const char *fn = rpmfiFN (fi); + g_autofree char *modified_fn = NULL; /* May be used to override fn */ const char *user = rpmfiFUser (fi) ?: "root"; const char *group = rpmfiFGroup (fi) ?: "root"; const char *fcaps = rpmfiFCaps (fi) ?: '\0'; @@ -2255,6 +2256,11 @@ apply_rpmfi_overrides (int tmp_metadata_dfd, if (g_str_has_prefix (fn, "run/") || g_str_has_prefix (fn, "var/")) continue; + else if (g_str_has_prefix (fn, "etc/")) + { + /* The tree uses usr/etc */ + fn = modified_fn = g_strconcat ("usr/", fn, NULL); + } if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0) { diff --git a/tests/common/compose/yum/nonrootcap.spec b/tests/common/compose/yum/nonrootcap.spec index be5959dc..572ff20d 100644 --- a/tests/common/compose/yum/nonrootcap.spec +++ b/tests/common/compose/yum/nonrootcap.spec @@ -1,4 +1,4 @@ -Summary: An app that uses has non-root files and caps +Summary: An app that has non-root files and caps Name: nonrootcap Version: 1.0 Release: 1 @@ -19,6 +19,7 @@ echo "Hello!" EOF chmod a+x tmp +echo nrc.conf > nrc.conf cp tmp nrc-none.sh cp tmp nrc-user.sh cp tmp nrc-group.sh @@ -34,6 +35,7 @@ groupadd -r nrcgroup useradd -r nrcuser -g nrcgroup -s /sbin/nologin %install +install -D nrc.conf %{buildroot}/etc/nrc.conf mkdir -p %{buildroot}/usr/bin install *.sh %{buildroot}/usr/bin mkdir -p %{buildroot}/var/lib/nonrootcap @@ -46,6 +48,7 @@ rm -rf %{buildroot} %files /usr/bin/nrc-none.sh +%attr(-, nrcuser, -) /etc/nrc.conf %attr(-, nrcuser, -) /usr/bin/nrc-user.sh %attr(-, -, nrcgroup) /usr/bin/nrc-group.sh %caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh diff --git a/tests/vmcheck/test-layering-non-root-caps.sh b/tests/vmcheck/test-layering-non-root-caps.sh index 6cba6e2e..6787a0c3 100755 --- a/tests/vmcheck/test-layering-non-root-caps.sh +++ b/tests/vmcheck/test-layering-non-root-caps.sh @@ -45,6 +45,7 @@ vm_cmd getent group nrcgroup echo "ok user and group added" if ! vm_has_files /usr/bin/nrc-none.sh \ + /etc/nrc.conf \ /usr/bin/nrc-user.sh \ /usr/bin/nrc-group.sh \ /usr/bin/nrc-caps.sh \ @@ -100,4 +101,5 @@ check_file /var/lib/nonrootcap nrcuser nrcgroup check_file /run/nonrootcap nrcuser nrcgroup check_file /var/lib/nonrootcap-rootowned root root check_file /run/nonrootcap-rootowned root root +check_file /etc/nrc.conf nrcuser root echo "ok correct user/group and fcaps"