Backport patch for https://pagure.io/fedora-infrastructure/issue/9909
parent
1feff1be51
commit
18c0709e55
39
0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
Normal file
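--- a/0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
+++ b/0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
@@ -0,0 +1,39 @@
+From 8758b0faa27420e915e7e9ba815258207e02a82a Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 20 Apr 2021 08:09:57 -0400
+Subject: [PATCH] bwrap: Fix selftest to be truly immutable
+
+We should never have any effect on the host system, so let's
+use the more direct APIs which allow us to use the immutable
+flag, don't mount `/var` etc.
+
+Crucially this also avoids us running through the tempetc
+guard which would try to rename `usr/etc` which can trigger
+on an ostree based host.
+
+Closes: https://github.com/coreos/rpm-ostree/issues/2771
+---
+rust/src/bwrap.rs | 8 ++++++--
+1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs
+index 939f0525..282b4f1b 100644
+--- a/rust/src/bwrap.rs
++++ b/rust/src/bwrap.rs
+@@ -475,7 +475,11 @@ pub(crate) fn bubblewrap_run_sync(
+/// Validate that bubblewrap works at all. This will flush out any incorrect
+/// setups such being inside an outer container that disallows `CLONE_NEWUSER` etc.
+pub(crate) fn bubblewrap_selftest() -> CxxResult<()> {
+- let fd = openat::Dir::open("/")?;
+- let _ = bubblewrap_run_sync(fd.as_raw_fd(), &vec!["true".to_string()], false, true)?;
++ let fd = &openat::Dir::open("/")?;
++ let mut bwrap = Bubblewrap::new_with_mutability(fd, BubblewrapMutability::Immutable)?;
++ bwrap.append_child_argv(&["true"]);
++ let cancellable = &gio::Cancellable::new();
++ let cancellable = Some(cancellable);
++ bwrap.run_inner(cancellable)?;
+Ok(())
+}
+--
+2.30.2
+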
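Review bot: The doc comment on `bubblewrap_selftest` in the embedded patch still only says the function checks that bubblewrap works, so the property this backport exists for is not recorded at the call site. The new body opens the host `/` and relies on `BubblewrapMutability::Immutable` to guarantee the self-test has no effect on the host; a later refactor back to a mutable helper would silently reintroduce the `usr/etc` rename described in the commit message. I would add a line such as `/// Runs against the host root in immutable mode; this must never modify the host (no /var mount, no usr/etc rename).` above the function. Separately, the `gio::Cancellable` created here is never cancelled, so if `run_inner` accepts `None` (its signature is not visible on this page) passing that would be simpler.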
|
@ -4,12 +4,13 @@
|
||||
Summary: Hybrid image/package system
|
||||
Name: rpm-ostree
|
||||
Version: 2021.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/coreos/rpm-ostree
|
||||
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
|
||||
# in the upstream git. It also contains vendored Rust sources.
|
||||
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
|
||||
Patch0: 0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
|
||||
|
||||
ExclusiveArch: %{rust_arches}
|
||||
|
||||
@ -210,6 +211,9 @@ $PYTHON autofiles.py > files.devel \
|
||||
|
||||
%files devel -f files.devel
|
||||
%changelog
|
||||
* Tue Apr 27 2021 Colin Walters <walters@verbum.org> - 2021.4-2
|
||||
- Backport patch for https://pagure.io/fedora-infrastructure/issue/9909
|
||||
|
||||
* Mon Apr 12 2021 Jonathan Lebon <jonathan@jlebon.com> - 2021.4-1
|
||||
- https://github.com/coreos/rpm-ostree/releases/tag/v2021.4
|
||||
|
||||
|