lib/commit: Ensure bare-user objects are always user-readable #989
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Depends: #988 |
|
☔ The latest upstream changes (presumably e3a540a) made this pull request unmergeable. Please resolve the merge conflicts. |
Previously, we only supported additions in the statoverride file; it was mainly for adding the setuid bit without having that physically on disk. However, for testing a change to `bare-user` handling around *unreadable* files (which happens for `/etc/shadow` in host content), I need a way to write that into a repo in the test suite. I'm not actually aware of a non-test-suite use case for this; a more sophisticated user is going to be using the API directly, which can already do this. But we need it for tests at least.
Some of the Jenkins jobs for Fedora Atomic Host broke after updating to 2017.7, and it turns out that we regressed handling unreadable files in `bare-user` mode. An example of this is `/etc/shadow`, which ends up in the ostree-as-host content as `/usr/etc/shadow`. Now there are better fixes here; we should probably delete it and create it during the config merge if it doesn't exist. In general, having secret files in ostree really isn't supported, so it doesn't make sense to include them. But let's fix this regression - when operating as an unprivileged user we don't have `CAP_DAC_OVERRIDE` and hence will fail to open un-user-readable objects. (We still preserve the actual `0` mode of course in the xattr and will apply it in `bare`)
cgwalters
force-pushed
the
bareuser-nonreadable
branch
from
871b60b
to
d6a7a3b
Compare
|
🏄♂️ Rebased |
rh-atomic-bot
pushed a commit
that referenced
this pull request
Jun 30, 2017
Some of the Jenkins jobs for Fedora Atomic Host broke after updating to 2017.7, and it turns out that we regressed handling unreadable files in `bare-user` mode. An example of this is `/etc/shadow`, which ends up in the ostree-as-host content as `/usr/etc/shadow`. Now there are better fixes here; we should probably delete it and create it during the config merge if it doesn't exist. In general, having secret files in ostree really isn't supported, so it doesn't make sense to include them. But let's fix this regression - when operating as an unprivileged user we don't have `CAP_DAC_OVERRIDE` and hence will fail to open un-user-readable objects. (We still preserve the actual `0` mode of course in the xattr and will apply it in `bare`) Closes: #989 Approved by: jlebon
|
☀️ Test successful - status-atomicjenkins |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some of the Jenkins jobs for Fedora Atomic Host broke after updating
to 2017.7, and it turns out that we regressed handling unreadable
files in
bare-usermode. An example of this is/etc/shadow, whichends up in the ostree-as-host content as
/usr/etc/shadow.Now there are better fixes here; we should probably delete it and create it
during the config merge if it doesn't exist. In general, having secret files in
ostree really isn't supported, so it doesn't make sense to include them.
But let's fix this regression - when operating as an unprivileged user we don't
have
CAP_DAC_OVERRIDEand hence will fail to open un-user-readable objects.(We still preserve the actual
0mode of course in the xattr and willapply it in
bare)