ability to install suid/fcaps binaries with non-root ownership #462
Comments
Hey @cgwalters, how technical of an issue is this? Is the solution straightforward?
I tested a version of the f25 kubernetes package where the apiserver binary was owned by root and I got this error nevertheless complaining of non-root ownership:
@dustymabe It's intertwined with #49. Also have to work on better test coverage first. @jasonbrooks Oh that should be an easy fix, will do.
I tested this by making a version of kubernetes-master w/ a root-owned kube-apiserver, and I was able to install it. The issue remains for the non-modified kube-apiserver w/ its "kube" ownership.
It looks like even if we switch over to systemd-sysusers here (either through a new change proposal, or through manually synthesizing entries as mentioned in #49), we'll still have some complexity in package layering. The "easy" way out here would be to run the %pre before unpacking the files, so that we can grab the new ids. Alternatively, we can canonicalize unpacked files to root:root, and during assembly, break hardlinks and set the right ids & caps before the final commit. In that case, the pkglayer cache repo acts more as a convenient way to store RPMs rather than a hardlink farm (though regular files are still hardlinked). Doing the final id & cap setting later might also be considered safer anyway wrt https://bugzilla.gnome.org/show_bug.cgi?id=722984.
Breaking links just for suid/fcaps sounds sanest to me. Long term, we want to get away from suid binaries, so eventually it'll be equivalent.
We lift the restriction from the unpacker on non-root owners. The unpacker now imports all files as root:root with no file caps. We split the running of rpm scripts between %pre and %post/posttrans as two different stages. During assembly, we first run the %pre scripts, collect users and groups, then chown and set file caps as needed (and then finally run the %post scripts). Closes: coreos#462
We lift the restriction from the unpacker on non-root owners. The unpacker now imports all files as root:root. We split the running of rpm scripts between %pre and %post/posttrans as two different stages. During assembly, we first run the %pre scripts, collect users and groups, then chown as needed (and then finally run the %post scripts). Closes: coreos#462
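An added illustration of the assembly step described in the commit messages above (not rpm-ostree's own code): it breaks the hardlink to the cache copy, applies the owner looked up in the passwd data that %pre produced, and sets the mode last because chown on Linux clears the setuid/setgid bits. The function names, the `usr/bin/example-suid` path, the sample passwd line and the use of the passwd entry's primary gid as the group are assumptions; file capabilities would be set at the same point and are left out because setting them needs privilege.

```python
import os, shutil, tempfile

def parse_passwd(text):
    """Map user name -> (uid, gid) from passwd(5)-format text written by %pre."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: (int(f[2]), int(f[3])) for f in rows if len(f) >= 4}

def break_hardlink(path):
    """Give path its own inode so metadata changes never reach the cache copy."""
    if os.lstat(path).st_nlink < 2:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    os.close(fd)
    try:
        shutil.copy2(path, tmp)   # same bytes and mode, new inode
        os.replace(tmp, path)     # atomic swap into place
    except BaseException:
        os.unlink(tmp)
        raise
    return True

def apply_ownership(root, wanted, passwd_text):
    """wanted: {relative path: (user, mode)} as recorded from the RPM header."""
    ids = parse_passwd(passwd_text)
    for rel, (user, mode) in wanted.items():
        if user not in ids:
            raise LookupError(f"{rel}: user {user!r} was not created by %pre")
        path = os.path.join(root, rel)
        break_hardlink(path)
        os.chown(path, *ids[user])
        os.chmod(path, mode)      # after chown: Linux chown clears setuid/setgid

def demo():
    """Constructed sample: one cached file hardlinked into a checkout."""
    top = tempfile.mkdtemp()
    cache, root = os.path.join(top, "cache"), os.path.join(top, "rootfs")
    os.makedirs(cache)
    os.makedirs(os.path.join(root, "usr/bin"))
    cached = os.path.join(cache, "obj0")
    with open(cached, "w") as fh:
        fh.write("binary")
    os.chmod(cached, 0o755)
    target = os.path.join(root, "usr/bin/example-suid")
    os.link(cached, target)
    # Constructed passwd line; "kube" maps to the current ids so no root is needed.
    passwd = f"kube:x:{os.getuid()}:{os.getgid()}::/:/sbin/nologin\n"
    apply_ownership(root, {"usr/bin/example-suid": ("kube", 0o4755)}, passwd)
    return os.stat(cached), os.stat(target)
```

`demo()` returns the stat results of the cache object and the checked-out file, which show that only the checked-out copy received the new mode.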
e.g. kubernetes-master. See #432