keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,704 Commits 1 Branch 0 Tags 12 MiB
82b27de843
Commit Graph

5 Commits

Author SHA1 Message Date
Jonathan Lebon
4ae3b174f5 ci: Bump to f29 
Better late than never!

Closes: #1787
Approved by: cgwalters
 2019-03-19 12:19:38 +00:00
Colin Walters
fca01e70b5 Lower initial SELinux policy load from compose to core 
Add a `selinux` verb to treespec, and bind it from treefile.  If
set, use it in the core to load an initial policy before import,
if we didn't already set a policy.

In practice right now this is only used from the compose path
since the SysrootUpgrader uses the policy from the merge deployment.

Unset the policy if rojig mode is enabled.

Now, non-SELinux use cases are required to set `selinux: false`
in the treespec. For `ex container` I just set it in our example
specs.  Probably that should forcibly disable it in the
treespec but eh, it's experimental.

The other case I can think of is client-side layering; before
we would create a policy using the target root, but it
wasn't a *hard* requirement, i.e. we didn't error out if
`policy_get_name() == NULL`.  Let's preserve that semantic by
hooking off of whether `_new_system()` was used.

Prep for sharing code with `compose rojig`.

Closes: #1630
Approved by: jlebon
 2018-10-23 13:40:46 +00:00
Jonathan Lebon
592d6052b9 ci: Bump to F28 
Closes: #1358
Approved by: cgwalters
 2018-05-23 14:18:41 +00:00
Colin Walters
3e9c6cf230 Fix "releasever" option, test it by default 
In #875 AKA b46fc35901 we
added support for the `releasever` option in treefiles.  I am
pretty sure it worked at the time...but I didn't add tests.

Either it never worked or some refactoring broke it. The whole chain of
`GKeyFile` → `GVariant` is so confusing. Anyways fix it by copying the string.
Now let's use it by default in the compose tests, and while we're here bump
those to F27.

I'm doing this patch now as I was playing with doing a compose from
the `/usr/share/rpm-ostree/treefile.json` and wanted to use the stock
`.repo` files.

Closes: #1220
Approved by: jlebon
 2018-01-23 15:18:52 +00:00
Colin Walters
94e52abb03 core: Don't try to apply non-root uid/gid when run as non-root 
In an unprivileged case, we can't do this on the real filesystem. For
`ex container`, we want to completely ignore uid/gid.  I added a test
installing `httpd` which failed previously.

TODO: For non-root `--ex-unified-core` we need to do it as a commit modifier.

Closes: #940
Approved by: jlebon
 2017-11-17 18:59:34 +00:00