Colin Walters 2021-04-27 14:51:48 -04:00
parent 1feff1be51
commit 18c0709e55
2 changed files with 44 additions and 1 deletions


@ -0,0 +1,39 @@
From 8758b0faa27420e915e7e9ba815258207e02a82a Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Tue, 20 Apr 2021 08:09:57 -0400
Subject: [PATCH] bwrap: Fix selftest to be truly immutable
We should never have any effect on the host system, so let's
use the more direct APIs which allow us to use the immutable
flag, don't mount `/var` etc.
Crucially this also avoids us running through the tempetc
guard which would try to rename `usr/etc` which can trigger
on an ostree based host.
Closes: https://github.com/coreos/rpm-ostree/issues/2771
---
rust/src/bwrap.rs | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/rust/src/bwrap.rs b/rust/src/bwrap.rs
index 939f0525..282b4f1b 100644
--- a/rust/src/bwrap.rs
+++ b/rust/src/bwrap.rs
@@ -475,7 +475,11 @@ pub(crate) fn bubblewrap_run_sync(
/// Validate that bubblewrap works at all. This will flush out any incorrect
/// setups such being inside an outer container that disallows `CLONE_NEWUSER` etc.
pub(crate) fn bubblewrap_selftest() -> CxxResult<()> {
- let fd = openat::Dir::open("/")?;
- let _ = bubblewrap_run_sync(fd.as_raw_fd(), &vec!["true".to_string()], false, true)?;
+ let fd = &openat::Dir::open("/")?;
+ let mut bwrap = Bubblewrap::new_with_mutability(fd, BubblewrapMutability::Immutable)?;
+ bwrap.append_child_argv(&["true"]);
+ let cancellable = &gio::Cancellable::new();
+ let cancellable = Some(cancellable);
+ bwrap.run_inner(cancellable)?;
Ok(())
}
--
2.30.2
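Review bot: The reason `bubblewrap_selftest` must use `BubblewrapMutability::Immutable` is recorded only in the patch's commit message, not in the new code, so a later cleanup could move it back to the old `bubblewrap_run_sync` call and, per the commit message, send it through the tempetc guard that renames `usr/etc` on the host root again. I would add a comment above the `Bubblewrap::new_with_mutability` call, for example `// Runs against the host "/": keep this Immutable so we never mount /var or go through the tempetc guard.` The function's doc comment could also state that the selftest is expected to have no effect on the host, since that is the property this change restores.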


@ -4,12 +4,13 @@
Summary: Hybrid image/package system Summary: Hybrid image/package system
Name: rpm-ostree Name: rpm-ostree
Version: 2021.4 Version: 2021.4
Release: 1%{?dist} Release: 2%{?dist}
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/coreos/rpm-ostree URL: https://github.com/coreos/rpm-ostree
# This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot" # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
# in the upstream git. It also contains vendored Rust sources. # in the upstream git. It also contains vendored Rust sources.
Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
Patch0: 0001-bwrap-Fix-selftest-to-be-truly-immutable.patch
ExclusiveArch: %{rust_arches} ExclusiveArch: %{rust_arches}
@ -210,6 +211,9 @@ $PYTHON autofiles.py > files.devel \
%files devel -f files.devel %files devel -f files.devel
%changelog %changelog
* Tue Apr 27 2021 Colin Walters <walters@verbum.org> - 2021.4-2
- Backport patch for https://pagure.io/fedora-infrastructure/issue/9909
* Mon Apr 12 2021 Jonathan Lebon <jonathan@jlebon.com> - 2021.4-1 * Mon Apr 12 2021 Jonathan Lebon <jonathan@jlebon.com> - 2021.4-1
- https://github.com/coreos/rpm-ostree/releases/tag/v2021.4 - https://github.com/coreos/rpm-ostree/releases/tag/v2021.4