core: Apply rpmfi overrides for /etc to /usr/etc
This fixes installing `mock`, which for some reason has files in `/etc/mock` owned by `root:mock`. Closes: https://github.com/projectatomic/rpm-ostree/issues/671 Closes: #677 Approved by: jlebon
parent
d8b96a8531
commit
ab7431c458
@ -2230,6 +2230,7 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
|
||||
while ((i = rpmfiNext (fi)) >= 0)
|
||||
{
|
||||
const char *fn = rpmfiFN (fi);
|
||||
g_autofree char *modified_fn = NULL; /* May be used to override fn */
|
||||
const char *user = rpmfiFUser (fi) ?: "root";
|
||||
const char *group = rpmfiFGroup (fi) ?: "root";
|
||||
const char *fcaps = rpmfiFCaps (fi) ?: '\0';
|
||||
@ -2255,6 +2256,11 @@ apply_rpmfi_overrides (int tmp_metadata_dfd,
|
||||
if (g_str_has_prefix (fn, "run/") ||
|
||||
g_str_has_prefix (fn, "var/"))
|
||||
continue;
|
||||
else if (g_str_has_prefix (fn, "etc/"))
|
||||
{
|
||||
/* The tree uses usr/etc */
|
||||
fn = modified_fn = g_strconcat ("usr/", fn, NULL);
|
||||
}
|
||||
|
||||
if (fstatat (tmprootfs_dfd, fn, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
|
||||
{
|
||||
|
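Review bot: The `etc/` to `usr/etc/` rewrite takes `fn` straight from the package's file list, and `AT_SYMLINK_NOFOLLOW` in the following `fstatat` covers only the final path component. It is worth confirming that the ownership and capability calls later in this loop (outside the hunk) use the reassigned `fn` relative to `tmprootfs_dfd` and never re-read `rpmfiFN (fi)`. The prefix test also matches only entries below `etc/`, so a package entry for the `etc` directory itself would presumably still be looked up at the unrelocated path. I would expand the comment to state the invariant, e.g. `/* rpm lists etc/...; the tree stores it as usr/etc/..., so stat and apply the overrides there */`. `apply_rpmfi_overrides` begins and ends outside the visible hunks.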
@ -1,4 +1,4 @@
|
||||
Summary: An app that uses has non-root files and caps
|
||||
Summary: An app that has non-root files and caps
|
||||
Name: nonrootcap
|
||||
Version: 1.0
|
||||
Release: 1
|
||||
@ -19,6 +19,7 @@ echo "Hello!"
|
||||
EOF
|
||||
|
||||
chmod a+x tmp
|
||||
echo nrc.conf > nrc.conf
|
||||
cp tmp nrc-none.sh
|
||||
cp tmp nrc-user.sh
|
||||
cp tmp nrc-group.sh
|
||||
@ -34,6 +35,7 @@ groupadd -r nrcgroup
|
||||
useradd -r nrcuser -g nrcgroup -s /sbin/nologin
|
||||
|
||||
%install
|
||||
install -D nrc.conf %{buildroot}/etc/nrc.conf
|
||||
mkdir -p %{buildroot}/usr/bin
|
||||
install *.sh %{buildroot}/usr/bin
|
||||
mkdir -p %{buildroot}/var/lib/nonrootcap
|
||||
@ -46,6 +48,7 @@ rm -rf %{buildroot}
|
||||
|
||||
%files
|
||||
/usr/bin/nrc-none.sh
|
||||
%attr(-, nrcuser, -) /etc/nrc.conf
|
||||
%attr(-, nrcuser, -) /usr/bin/nrc-user.sh
|
||||
%attr(-, -, nrcgroup) /usr/bin/nrc-group.sh
|
||||
%caps(cap_net_bind_service=ep) /usr/bin/nrc-caps.sh
|
||||
|
@ -45,6 +45,7 @@ vm_cmd getent group nrcgroup
|
||||
echo "ok user and group added"
|
||||
|
||||
if ! vm_has_files /usr/bin/nrc-none.sh \
|
||||
/etc/nrc.conf \
|
||||
/usr/bin/nrc-user.sh \
|
||||
/usr/bin/nrc-group.sh \
|
||||
/usr/bin/nrc-caps.sh \
|
||||
@ -100,4 +101,5 @@ check_file /var/lib/nonrootcap nrcuser nrcgroup
|
||||
check_file /run/nonrootcap nrcuser nrcgroup
|
||||
check_file /var/lib/nonrootcap-rootowned root root
|
||||
check_file /run/nonrootcap-rootowned root root
|
||||
check_file /etc/nrc.conf nrcuser root
|
||||
echo "ok correct user/group and fcaps"
|
||||
|
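Review bot: The added `check_file /etc/nrc.conf nrcuser root` covers only a user override on a regular file, while the case in the commit message was group ownership (`root:mock`) on files under the `/etc/mock` directory. A group-owned entry in a subdirectory of `/etc` would cover the reported case, e.g. `%attr(-, -, nrcgroup) /etc/nrc/nrc-group.conf` in the spec's `%files` with the matching build and install lines. The check here would then be `check_file /etc/nrc/nrc-group.conf root nrcgroup`. `check_file` is defined outside this hunk, so whether it also compares file modes cannot be told from here.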