e41a8ab26f
We need to be friendlier to people who are transitioning from "traditional" yum-managed systems. This patchset starts to lay out the groundwork for supporting "intercepting" binaries that are in the tree.

For backwards compatibility, this feature is disabled by default; to enable it, one can add `cliwrap: true` to the manifest.

To start with, for example, we wrap `/usr/bin/rpm` and cause it to drop privileges. This way it can't corrupt anything; we're not just relying on the read-only bind mount. For example, nothing will accidentally get written to `/var/lib/rpm`.

Now a tricky thing with this one is we *do* want it to write if we're in an unlocked state.

There are various other examples of binaries we want to intercept, among them:

- `grubby` -> `rpm-ostree kargs`
- `dracut` -> `rpm-ostree initramfs`
- `yum` -> well...we'll talk about that later

- `..`
- `manual`
- `CONTRIBUTING.md`
- `index.md`
- `repo_structure.md`