virt-manager/virtinst/initrdinject.py
Cole Robinson c6b5f22fa6 initrdinject: Force added files to be owned as root (bz 1686464)
systemd in fedora30 has some new security restriction about non-root
owned directories. Initrd inject would tickle this because the cpio
archive would cause the root dir in the initrd to be owned by the
uid that launched virt-install.

Pass --owner=+0:+0 to cpio to force root ownership

Suggested-by: James Szinger <jszinger@gmail.com>

https://bugzilla.redhat.com/show_bug.cgi?id=1686464
2019-04-03 20:29:16 -04:00


#
# Copyright 2006-2009, 2013, 2014 Red Hat, Inc.
#
# This work is licensed under the GNU GPLv2 or later.
# See the COPYING file in the top-level directory.
import logging
import os
import shutil
import subprocess
import tempfile
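def _stage_files(injections, tempdir):
    """
    Copy every path in *injections* into *tempdir*, the future initrd root.

    :param injections: iterable of file paths to copy
    :param tempdir: staging directory that becomes the archive root
    """
    for filename in injections:
        logging.debug("Copying %s to the initrd.", filename)
        shutil.copy(filename, tempdir)


def _append_cpio_archive(initrd, tempdir):
    """
    Pack *tempdir* with ``find | cpio | gzip`` and append it to *initrd*.

    Member ownership is forced to uid/gid 0 with ``--owner=+0:+0`` so the
    archive's root directory entry is not owned by the user running the
    tool. Each child's stderr goes to an anonymous temp file rather than a
    pipe, so it can be read after wait() without the pipe-buffer deadlock a
    chatty child would otherwise cause.

    :param initrd: path of the initrd, opened in append mode
    :param tempdir: staging directory to archive
    :raises RuntimeError: if find, cpio or gzip exits non-zero; the initrd is
        truncated back to its previous size first so no partial archive is
        left behind
    """
    with open(initrd, 'ab') as f, \
         tempfile.TemporaryFile() as find_err, \
         tempfile.TemporaryFile() as cpio_err, \
         tempfile.TemporaryFile() as gzip_err:
        # Append mode positions the file at its end, so this is the size
        # to restore if the pipeline fails part-way through.
        orig_size = f.tell()

        find_proc = subprocess.Popen(['find', '.', '-print0'],
                                     stdout=subprocess.PIPE,
                                     stderr=find_err,
                                     cwd=tempdir)
        cpio_proc = subprocess.Popen(['cpio', '--create', '--null', '--quiet',
                                      '--format=newc', '--owner=+0:+0'],
                                     stdin=find_proc.stdout,
                                     stdout=subprocess.PIPE,
                                     stderr=cpio_err,
                                     cwd=tempdir)
        # Close our copy of the pipe end so find gets SIGPIPE if cpio
        # exits early (the documented Popen pipeline idiom).
        find_proc.stdout.close()
        gzip_proc = subprocess.Popen(['gzip'], stdin=cpio_proc.stdout,
                                     stdout=f, stderr=gzip_err)
        cpio_proc.stdout.close()

        procs = [('find', find_proc, find_err),
                 ('cpio', cpio_proc, cpio_err),
                 ('gzip', gzip_proc, gzip_err)]
        for _name, proc, _err in procs:
            proc.wait()

        failed = []
        for name, proc, err in procs:
            err.seek(0)
            output = err.read()
            if output:
                logging.debug("%s stderr=%s", name, output)
            if proc.returncode != 0:
                failed.append("%s exited with status %d" %
                              (name, proc.returncode))

        if failed:
            # Undo the partial append so the initrd is left exactly as it
            # was, rather than with a truncated/corrupt archive tacked on.
            f.truncate(orig_size)
            raise RuntimeError("initrd injection failed: " +
                               "; ".join(failed))


def perform_initrd_injections(initrd, injections, scratchdir):
    """
    Insert files into the root directory of the initial ram disk.

    The files are staged in a temporary directory under *scratchdir*,
    packed into a newc cpio archive owned by root, gzipped and appended to
    *initrd*. The staging directory is removed even if packing fails.

    :param initrd: path of the initrd to append to
    :param injections: iterable of file paths to add; no-op if empty/None
    :param scratchdir: directory in which the staging dir is created
    :raises RuntimeError: if the find/cpio/gzip pipeline exits non-zero
    """
    if not injections:
        return

    tempdir = tempfile.mkdtemp(dir=scratchdir)
    try:
        # The staging dir's mode is recorded as the archive root entry's mode.
        os.chmod(tempdir, 0o775)
        _stage_files(injections, tempdir)
        logging.debug("Appending to the initrd.")
        _append_cpio_archive(initrd, tempdir)
    finally:
        shutil.rmtree(tempdir)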