core: Apply rpmfi overrides for /etc to /usr/etc

This fixes installing `mock`, which for some reason has files in `/etc/mock`
owned by `root:mock`.

Closes: https://github.com/projectatomic/rpm-ostree/issues/671

Closes: #677
Approved by: jlebon
Colin Walters 2017-03-11 10:43:42 -05:00 committed by Atomic Bot
parent d8b96a8531
commit ab7431c458
3 changed files with 12 additions and 1 deletions


@ -2230,6 +2230,7 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
while ((i = rpmfiNext (fi)) >= 0) while ((i = rpmfiNext (fi)) >= 0)
{ {
const char *fn = rpmfiFN (fi); const char *fn = rpmfiFN (fi);
g_autofree char *modified_fn = NULL; /* May be used to override fn */
const char *user = rpmfiFUser (fi) ?: "root"; const char *user = rpmfiFUser (fi) ?: "root";
const char *group = rpmfiFGroup (fi) ?: "root"; const char *group = rpmfiFGroup (fi) ?: "root";
const char *fcaps = rpmfiFCaps (fi) ?: '\0'; const char *fcaps = rpmfiFCaps (fi) ?: '\0';
@ -2255,6 +2256,11 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
if (g_str_has_prefix (fn, "run/") || if (g_str_has_prefix (fn, "run/") ||
g_str_has_prefix (fn, "var/")) g_str_has_prefix (fn, "var/"))
continue; continue;
else if (g_str_has_prefix (fn, "etc/"))
{
/* The tree uses usr/etc */
fn = modified_fn = g_strconcat ("usr/", fn, NULL);
}
if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0) if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
{ {
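Review bot: The comment on the new `etc/` branch, `/* The tree uses usr/etc */`, does not say why the remap matters in a function that applies package-supplied owner, group and file capabilities to files in the temporary rootfs. I would expand it to something like `/* Config files are stored under usr/etc in the tree, so the rpmfi owner/group/fcaps overrides have to be applied to that path */`. The `modified_fn` comment could also note that `fn` aliases the allocated string from this point on, so it has to stay alive for every later use of `fn` in the iteration; the `g_autofree` declaration at loop-body scope appears to guarantee that. The loop body starts before and continues past this hunk, so how `fn` is made relative ahead of the prefix checks, and what happens when `fstatat` fails on the rewritten path, is not visible here.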


@ -1,4 +1,4 @@
Summary: An app that uses has non-root files and caps Summary: An app that has non-root files and caps
Name: nonrootcap Name: nonrootcap
Version: 1.0 Version: 1.0
Release: 1 Release: 1
@ -19,6 +19,7 @@ echo "Hello!"
EOF EOF
chmod a+x tmp chmod a+x tmp
echo nrc.conf > nrc.conf
cp tmp nrc-none.sh cp tmp nrc-none.sh
cp tmp nrc-user.sh cp tmp nrc-user.sh
cp tmp nrc-group.sh cp tmp nrc-group.sh
@ -34,6 +35,7 @@ groupadd -r nrcgroup
useradd -r nrcuser -g nrcgroup -s /sbin/nologin useradd -r nrcuser -g nrcgroup -s /sbin/nologin
%install %install
install -D nrc.conf %{buildroot}/etc/nrc.conf
mkdir -p %{buildroot}/usr/bin mkdir -p %{buildroot}/usr/bin
install *.sh %{buildroot}/usr/bin install *.sh %{buildroot}/usr/bin
mkdir -p %{buildroot}/var/lib/nonrootcap mkdir -p %{buildroot}/var/lib/nonrootcap
@ -46,6 +48,7 @@ rm -rf %{buildroot}
%files %files
/usr/bin/nrc-none.sh /usr/bin/nrc-none.sh
%attr(-, nrcuser, -) /etc/nrc.conf
%attr(-, nrcuser, -) /usr/bin/nrc-user.sh %attr(-, nrcuser, -) /usr/bin/nrc-user.sh
%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh %attr(-, -, nrcgroup) /usr/bin/nrc-group.sh
%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh %caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh
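Review bot: The new `%attr(-, nrcuser, -) /etc/nrc.conf` entry only exercises a non-root owner, while the case named in the commit message is a group override (`root:mock`). A second config file with a group attribute, for example `%attr(-, -, nrcgroup) /etc/nrc-group.conf` (file name constructed for illustration), would cover the group path under `usr/etc` as well. It would need to be created and installed the same way as `nrc.conf`, with a matching `check_file` line in the test script. A `%caps(...)` entry under `/etc` is not covered either, though that is probably a rarer case.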


@ -45,6 +45,7 @@ vm_cmd getent group nrcgroup
echo "ok user and group added" echo "ok user and group added"
if ! vm_has_files /usr/bin/nrc-none.sh \ if ! vm_has_files /usr/bin/nrc-none.sh \
/etc/nrc.conf \
/usr/bin/nrc-user.sh \ /usr/bin/nrc-user.sh \
/usr/bin/nrc-group.sh \ /usr/bin/nrc-group.sh \
/usr/bin/nrc-caps.sh \ /usr/bin/nrc-caps.sh \
@ -100,4 +101,5 @@ check_file /var/lib/nonrootcap nrcuser nrcgroup
check_file /run/nonrootcap nrcuser nrcgroup check_file /run/nonrootcap nrcuser nrcgroup
check_file /var/lib/nonrootcap-rootowned root root check_file /var/lib/nonrootcap-rootowned root root
check_file /run/nonrootcap-rootowned root root check_file /run/nonrootcap-rootowned root root
check_file /etc/nrc.conf nrcuser root
echo "ok correct user/group and fcaps" echo "ok correct user/group and fcaps"