rpm-ostree/ci
Colin Walters 90f9fe80e4 scripts: Drop most capabilities
Note this PR requires [bubblewrap 0.2.0](https://github.com/projectatomic/bubblewrap/releases/tag/v0.2.0).

Change our bwrap invocations to drop truly dangerous capabilities like
`cap_sys_admin` and `cap_sys_module`, just like Docker does today. Because of the
popularity of Docker, we can be pretty sure that most RPM scripts should have
adapted to this (although a problematic area here is that traditional librpm
doesn't actually error out if scripts fail).

There are two reasons to do this:

 - We want "offline" updates by default; updates shouldn't affect the
   running system.  If we prepare the new root in the background, a
   %post shouldn't restart a service for example.  We already "handle"
   this by making `systemctl` a symlink to `/bin/true`, but this approach
   also shuts off `%post`s that do e.g. `insmod`.
 - Protection against accidental system damage

Closes: #1099
Approved by: jlebon
2017-12-05 02:54:23 +00:00
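The commit above describes the technique (`--cap-drop ALL`, then add back a Docker-like subset) but not how to confirm from inside the sandbox that `cap_sys_admin` and `cap_sys_module` are really gone. The block below is an added example, not rpm-ostree's code: it builds a bubblewrap argument list on the assumption that bubblewrap >= 0.2.0 accepts `--cap-drop`/`--cap-add` (with `ALL` accepted by both), and it decodes the `CapEff`/`CapBnd` hex masks from `/proc/<pid>/status` so a script can assert on the capabilities it actually holds. The allow-list is Docker's default capability set as the baseline the commit message refers to, not rpm-ostree's final list; `bwrap_script_cmd`, the mount layout and the sample status text are illustrative constructions.

```python
"""Added example (not rpm-ostree code): build a bwrap argv that drops every
capability except an allow-list, and verify the outcome by decoding the
capability masks a process sees in /proc/<pid>/status."""
import re
import shutil
import subprocess

# Linux capability numbers from <linux/capability.h>; list index == bit position.
CAP_NAMES = [
    "cap_chown", "cap_dac_override", "cap_dac_read_search", "cap_fowner",
    "cap_fsetid", "cap_kill", "cap_setgid", "cap_setuid", "cap_setpcap",
    "cap_linux_immutable", "cap_net_bind_service", "cap_net_broadcast",
    "cap_net_admin", "cap_net_raw", "cap_ipc_lock", "cap_ipc_owner",
    "cap_sys_module", "cap_sys_rawio", "cap_sys_chroot", "cap_sys_ptrace",
    "cap_sys_pacct", "cap_sys_admin", "cap_sys_boot", "cap_sys_nice",
    "cap_sys_resource", "cap_sys_time", "cap_sys_tty_config", "cap_mknod",
    "cap_lease", "cap_audit_write", "cap_audit_control", "cap_setfcap",
    "cap_mac_override", "cap_mac_admin", "cap_syslog", "cap_wake_alarm",
    "cap_block_suspend", "cap_audit_read",
]

# Docker's default capability set, used here only as the baseline the commit
# message mentions; rpm-ostree's own allow-list is not reproduced here.
DOCKER_DEFAULT_CAPS = frozenset([
    "cap_chown", "cap_dac_override", "cap_fowner", "cap_fsetid", "cap_kill",
    "cap_setgid", "cap_setuid", "cap_setpcap", "cap_net_bind_service",
    "cap_net_raw", "cap_sys_chroot", "cap_mknod", "cap_audit_write",
    "cap_setfcap",
])

# The capabilities the commit message singles out as "truly dangerous".
FORBIDDEN_CAPS = frozenset(["cap_sys_admin", "cap_sys_module"])


def cap_mask(names):
    """Bitmask for a set of capability names (what the kernel prints in hex)."""
    return sum(1 << CAP_NAMES.index(n) for n in names)


def decode_cap_mask(mask_hex):
    """Inverse of cap_mask: hex string from /proc/<pid>/status -> names."""
    mask = int(mask_hex, 16)
    return frozenset(n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1)


def caps_from_status(status_text, field="CapEff"):
    """Extract one Cap* field (CapEff, CapBnd, ...) from status-file text."""
    m = re.search(r"^%s:\s*([0-9a-fA-F]+)\s*$" % re.escape(field), status_text, re.M)
    if not m:
        raise ValueError("no %s line in status text" % field)
    return decode_cap_mask(m.group(1))


def check_script_caps(status_text):
    """Forbidden capabilities still effective or in the bounding set; empty if OK.
    Checking CapBnd as well catches a script that could re-acquire a capability
    via a file capability even when it is not currently effective."""
    held = caps_from_status(status_text, "CapEff") | caps_from_status(status_text, "CapBnd")
    return held & FORBIDDEN_CAPS


def bwrap_cap_args(allowed):
    """bubblewrap >= 0.2.0 flags (assumed): drop everything, re-add the allow-list."""
    args = ["--cap-drop", "ALL"]
    for cap in sorted(allowed):
        args += ["--cap-add", cap]
    return args


def bwrap_script_cmd(rootfs, script, allowed=DOCKER_DEFAULT_CAPS):
    """Illustrative bwrap command line (mount layout is an assumption, not
    rpm-ostree's): run a scriptlet in a prepared root with reduced capabilities."""
    return (["bwrap", "--bind", rootfs, "/", "--proc", "/proc", "--dev", "/dev",
             "--unshare-pid", "--unshare-net"]
            + bwrap_cap_args(allowed) + ["/bin/sh", script])


# Constructed sample status lines: a host root process holds all 38 capabilities,
# a process under the Docker-like set shows the well-known 0xa80425fb mask.
SAMPLE_STATUS_HOST_ROOT = "Name:\tsh\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
SAMPLE_STATUS_SANDBOX = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"


if __name__ == "__main__":
    print("host root would still hold:", sorted(check_script_caps(SAMPLE_STATUS_HOST_ROOT)))
    print("sandboxed script holds:", sorted(check_script_caps(SAMPLE_STATUS_SANDBOX)))
    if shutil.which("bwrap"):  # only meaningful on a host with bubblewrap installed
        cmd = bwrap_script_cmd("/", "-c 'cat /proc/self/status'")
        out = subprocess.run(cmd, capture_output=True, text=True).stdout
        print("live check:", sorted(check_script_caps(out)) or "no forbidden caps")
```

Run inside a `%post` under test (or from the `__main__` block on a host with bwrap) and treat a non-empty result from `check_script_caps` as a failed sandbox; it is the assertion librpm itself will not make, since it ignores scriptlet failures.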
| File | Last commit | Date |
| --- | --- | --- |
| build-check.sh | ci: run clang build with -Werror | 2017-10-04 21:10:55 +00:00 |
| build.sh | scripts: Drop most capabilities | 2017-12-05 02:54:23 +00:00 |
| ci-commitmessage-submodules.sh | ci: workaround broken fedora:26 image | 2017-09-07 12:27:54 +00:00 |
| codestyle.sh | Remove all tabs ⭾ in *.[ch] and add a CI check for them | 2017-06-22 01:20:55 +00:00 |
| libbuild.sh | ci: Sync with ostree | 2017-09-24 13:32:00 +00:00 |