passwd.rs: add condition when adding passwd/group
HuijingHei committed Oct 31, 2023
1 parent 1fd0c14 commit 3034dc0
Showing 2 changed files with 11 additions and 5 deletions.
1 change: 0 additions & 1 deletion docs/treefile.md
@@ -37,7 +37,6 @@ It supports the following parameters:
no SELinux labeling will be performed on the server side.

* `sysusers`: boolean, optional: Defaults to `false`.
Enable generation of systemd `sysusers.d` entries.
If `true`, this turns off `altfiles` and disables the `passwd` / `group`
files migration to `/usr/lib`.

15 changes: 11 additions & 4 deletions rust/src/passwd.rs
@@ -614,6 +614,7 @@ fn complete_pwgrp(rootfs: &Dir) -> Result<()> {
/// This is a pre-commit validation hook which ensures that the upcoming
/// users/groups entries are somehow sane. See treefile `check-passwd` and
/// `check-groups` fields for a description of available validation knobs.
#[context("Validate users/groups refer to treefile check-passwd/check-groups configuration")]
pub fn check_passwd_group_entries(
ffi_repo: &crate::ffi::OstreeRepo,
rootfs_dfd: i32,
@@ -630,8 +631,12 @@ pub fn check_passwd_group_entries(

// Parse entries in the upcoming commit content.
let mut new_entities = PasswdEntries::default();
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
if has_usrlib_passwd(&rootfs)? {
new_entities.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
new_entities.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
}

// Fetch entries from treefile and previous commit, according to config.
// These are used as ground-truth by the validation steps below.
@@ -679,9 +684,11 @@ impl PasswdDB {
pub(crate) fn populate_new(rootfs: &Dir) -> Result<Self> {
let mut db = Self::default();
db.add_passwd_content(rootfs.as_raw_fd(), "usr/etc/passwd")?;
db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
db.add_group_content(rootfs.as_raw_fd(), "usr/etc/group")?;
db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
if has_usrlib_passwd(&rootfs)? {
db.add_passwd_content(rootfs.as_raw_fd(), "usr/lib/passwd")?;
db.add_group_content(rootfs.as_raw_fd(), "usr/lib/group")?;
}
Ok(db)
}

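Review bot: In `check_passwd_group_entries`, `usr/lib/group` is parsed only inside `if has_usrlib_passwd(&rootfs)?`, so whether the group file reaches validation depends on a predicate named for the passwd file. `has_usrlib_passwd` is defined outside the visible hunks; if it tests only `usr/lib/passwd`, a tree that ships `usr/lib/group` without it would have those groups left out of the `check-groups` comparison, and `PasswdDB::populate_new` repeats the same pairing. Either gate the two files separately or, if they are always created together, state that above each `if`, e.g. `// usr/lib/passwd and usr/lib/group are migrated together, so one check covers both`. In `populate_new`, `rootfs` is already a `&Dir`, so `has_usrlib_passwd(rootfs)?` would presumably do without the extra borrow. Both function bodies continue outside the hunks shown.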
