ability to install suid/fcaps binaries with non-root ownership #462
Comments
|
hey @cgwalters, how techincal of an issue is this? is the solution straightforward? |
|
I tested a version of the f25 kubernetes package where the apiserver binary was owned by root and I got this error nevertheless complaining of non-root ownership: |
|
@dustymabe It's intertwined with #49 Also have to work on better test coverage first. @jasonbrooks Oh that should be an easy fix, will do. |
|
I tested this by making a version of kubernetes-master w/ a root-owned kube-apiserver, and I was able to install it. The issue remains for the non-modified kube-apiserver w/ its "kube" ownership. |
|
It looks like even if we switch over to systemd-sysusers here (either through a new change proposal, or through manually synthesizing entries as mentioned in #49), we'll still have some complexity in package layering. The "easy" way out here would be to run the %pre before unpacking the files, so that we can grab the new ids. Alternatively, we can canonicalize unpacked files to root:root, and during assembly, break hardlinks and set the right ids & caps before the final commit. In that case, the pkglayer cache repo acts more as a convenient way to store RPMs rather than a hardlink farm (though regular files are still hardlinked). Doing the final id & cap setting later might also be considered safer anyway wrt https://bugzilla.gnome.org/show_bug.cgi?id=722984. |
|
Breaking links just for suid/fcaps sounds sanest to me. Long term, we want to get away from suid binaries, so eventually it'll be equivalent. |
We lift the restriction from the unpacker on non-root owners. The unpacker now imports all files as root:root with no file caps. We split the running of rpm scripts between %pre and %post/posttrans as two different stages. During assembly, we first run the %pre scripts, collect users and groups, then chown and set file caps as needed (and then finally run the %post scripts). Closes: coreos#462
We lift the restriction from the unpacker on non-root owners. The unpacker now imports all files as root:root. We split the running of rpm scripts between %pre and %post/posttrans as two different stages. During assembly, we first run the %pre scripts, collect users and groups, then chown as needed (and then finally run the %post scripts). Closes: coreos#462
We lift the restriction from the unpacker on non-root owners. The unpacker now imports all files as root:root. We split the running of rpm scripts between %pre and %post/posttrans as two different stages. During assembly, we first run the %pre scripts, collect users and groups, then chown as needed (and then finally run the %post scripts). Closes: coreos#462
e.g.
kubernetes-master. See #432The text was updated successfully, but these errors were encountered: