core: Apply rpmfi overrides for /etc to /usr/etc
This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon
parent
d8b96a8531
commit
ab7431c458
@ -2230,6 +2230,7 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
|
|||||||
while ((i = rpmfiNext (fi)) >= 0)
|
while ((i = rpmfiNext (fi)) >= 0)
|
||||||
{
|
{
|
||||||
const char *fn = rpmfiFN (fi);
|
const char *fn = rpmfiFN (fi);
|
||||||
|
g_autofree char *modified_fn = NULL; /* May be used to override fn */
|
||||||
const char *user = rpmfiFUser (fi) ?: "root";
|
const char *user = rpmfiFUser (fi) ?: "root";
|
||||||
const char *group = rpmfiFGroup (fi) ?: "root";
|
const char *group = rpmfiFGroup (fi) ?: "root";
|
||||||
const char *fcaps = rpmfiFCaps (fi) ?: '\0';
|
const char *fcaps = rpmfiFCaps (fi) ?: '\0';
|
||||||
@ -2255,6 +2256,11 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
|
|||||||
if (g_str_has_prefix (fn, "run/") ||
|
if (g_str_has_prefix (fn, "run/") ||
|
||||||
g_str_has_prefix (fn, "var/"))
|
g_str_has_prefix (fn, "var/"))
|
||||||
continue;
|
continue;
|
||||||
|
else if (g_str_has_prefix (fn, "etc/"))
|
||||||
|
{
|
||||||
|
/* The tree uses usr/etc */
|
||||||
|
fn = modified_fn = g_strconcat ("usr/", fn, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
|
if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
|
||||||
{
|
{
|
||||||
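Review bot: The `etc/` prefix test added in the second hunk of apply_rpmfi_overrides matches only entries below the directory, so an rpmfi entry for the directory itself (`etc`, no trailing slash) is left unmapped and the following `fstatat` is asked about `etc` instead of `usr/etc`. If a package can carry a non-default owner on that entry, the condition could read `else if (g_str_equal (fn, "etc") || g_str_has_prefix (fn, "etc/"))`. The comment `/* The tree uses usr/etc */` would also be more useful if it said that the rpmfi user, group and file capabilities read at the top of the loop are presumably applied to the remapped path, since that is what makes the rewrite security-relevant. The function starts and ends outside both hunks, so how a failed `fstatat` is handled is not visible here.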
|
@ -1,4 +1,4 @@
|
|||||||
Summary: An app that uses has non-root files and caps
|
Summary: An app that has non-root files and caps
|
||||||
Name: nonrootcap
|
Name: nonrootcap
|
||||||
Version: 1.0
|
Version: 1.0
|
||||||
Release: 1
|
Release: 1
|
||||||
@ -19,6 +19,7 @@ echo "Hello!"
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
chmod a+x tmp
|
chmod a+x tmp
|
||||||
|
echo nrc.conf > nrc.conf
|
||||||
cp tmp nrc-none.sh
|
cp tmp nrc-none.sh
|
||||||
cp tmp nrc-user.sh
|
cp tmp nrc-user.sh
|
||||||
cp tmp nrc-group.sh
|
cp tmp nrc-group.sh
|
||||||
@ -34,6 +35,7 @@ groupadd -r nrcgroup
|
|||||||
useradd -r nrcuser -g nrcgroup -s /sbin/nologin
|
useradd -r nrcuser -g nrcgroup -s /sbin/nologin
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
install -D nrc.conf %{buildroot}/etc/nrc.conf
|
||||||
mkdir -p %{buildroot}/usr/bin
|
mkdir -p %{buildroot}/usr/bin
|
||||||
install *.sh %{buildroot}/usr/bin
|
install *.sh %{buildroot}/usr/bin
|
||||||
mkdir -p %{buildroot}/var/lib/nonrootcap
|
mkdir -p %{buildroot}/var/lib/nonrootcap
|
||||||
@ -46,6 +48,7 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
%files
|
%files
|
||||||
/usr/bin/nrc-none.sh
|
/usr/bin/nrc-none.sh
|
||||||
|
%attr(-, nrcuser, -) /etc/nrc.conf
|
||||||
%attr(-, nrcuser, -) /usr/bin/nrc-user.sh
|
%attr(-, nrcuser, -) /usr/bin/nrc-user.sh
|
||||||
%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh
|
%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh
|
||||||
%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh
|
%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh
|
||||||
|
@ -45,6 +45,7 @@ vm_cmd getent group nrcgroup
|
|||||||
echo "ok user and group added"
|
echo "ok user and group added"
|
||||||
|
|
||||||
if ! vm_has_files /usr/bin/nrc-none.sh \
|
if ! vm_has_files /usr/bin/nrc-none.sh \
|
||||||
|
/etc/nrc.conf \
|
||||||
/usr/bin/nrc-user.sh \
|
/usr/bin/nrc-user.sh \
|
||||||
/usr/bin/nrc-group.sh \
|
/usr/bin/nrc-group.sh \
|
||||||
/usr/bin/nrc-caps.sh \
|
/usr/bin/nrc-caps.sh \
|
||||||
@ -100,4 +101,5 @@ check_file /var/lib/nonrootcap nrcuser nrcgroup
|
|||||||
check_file /run/nonrootcap nrcuser nrcgroup
|
check_file /run/nonrootcap nrcuser nrcgroup
|
||||||
check_file /var/lib/nonrootcap-rootowned root root
|
check_file /var/lib/nonrootcap-rootowned root root
|
||||||
check_file /run/nonrootcap-rootowned root root
|
check_file /run/nonrootcap-rootowned root root
|
||||||
|
check_file /etc/nrc.conf nrcuser root
|
||||||
echo "ok correct user/group and fcaps"
|
echo "ok correct user/group and fcaps"
|
||||||
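Review bot: The only new assertion, `check_file /etc/nrc.conf nrcuser root`, covers a user override under /etc, while the commit message describes the failing case as files owned by `root:mock`, i.e. a group override. The fixture spec adds just `%attr(-, nrcuser, -) /etc/nrc.conf`, so the group path through the new `usr/etc` remapping is not exercised. Adding a second fixture file with `%attr(-, -, nrcgroup)` and a matching `check_file <path> root nrcgroup` line (file name to be chosen) would pin the regression that was actually reported.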
|