rpm-ostree/0001-scripts-Bind-usr-share-empty-over-usr-share-rpm.patch

31 lines
1.3 KiB
Diff
Raw Normal View History

From 6886e4442597f67ea4153e3f6d9ac6e9444795a5 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 9 Feb 2021 21:18:49 +0000
Subject: [PATCH] scripts: Bind /usr/share/empty over /usr/share/rpm
Now that we inject the `%_dbpath /usr/share/rpm` macro, `rpm -q`
will start using it. But in RPM script invocation, we don't
want them to see any RPM database at all - trying to query it
should be a clean failure.
---
src/libpriv/rpmostree-scripts.cxx | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/libpriv/rpmostree-scripts.cxx b/src/libpriv/rpmostree-scripts.cxx
index f7adb08f..4b1f5429 100644
--- a/src/libpriv/rpmostree-scripts.cxx
+++ b/src/libpriv/rpmostree-scripts.cxx
@@ -378,6 +378,9 @@ rpmostree_run_script_in_bwrap_container (int rootfs_fd,
if (glnx_fstatat (rootfs_fd, "usr/lib/opt", &stbuf, AT_SYMLINK_NOFOLLOW, NULL) && S_ISDIR(stbuf.st_mode))
rpmostree_bwrap_append_bwrap_argv (bwrap, "--symlink", "usr/lib/opt", "/opt", NULL);
+ /* Don't let scripts see the base rpm database by default */
+ rpmostree_bwrap_bind_read (bwrap, "usr/share/empty", "usr/share/rpm");
+
/* Add ostree-booted API; some scriptlets may work differently on OSTree systems; e.g.
* akmods. Just create it manually; /run is usually tmpfs, but scriptlets shouldn't be
* adding stuff there anyway. */
--
2.29.2