diff options
author | Jonathan Lebon <jonathan@jlebon.com> | 2019-04-24 09:42:56 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-04-24 13:48:14 +0000 |
commit | ba96d7ed7af1919eba54ebc3c2923d9947a22f57 (patch) | |
tree | 92d95240cd4284ae62c636f0e3b964a710498f70 | |
parent | 794f75ca61badfe34f4ba1f8eb50a574d83d3c58 (diff) | |
download | ostree-ba96d7ed7af1919eba54ebc3c2923d9947a22f57.tar.gz |
lib/sysroot: Match deployment /usr mode for overlay
Rather than hardcoding 0755, let's directly look at what `/usr`'s mode
is and copy it when creating the overlay.
Closes: #1843
Approved by: cgwalters
-rw-r--r-- | src/libostree/ostree-sysroot.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/libostree/ostree-sysroot.c b/src/libostree/ostree-sysroot.c index 200af99f..21ea1734 100644 --- a/src/libostree/ostree-sysroot.c +++ b/src/libostree/ostree-sysroot.c @@ -1771,6 +1771,14 @@ ostree_sysroot_deployment_unlock (OstreeSysroot *self, if (!sepolicy) return FALSE; + /* we want our /usr overlay to have the same permission bits as the one we'll shadow */ + mode_t usr_mode; + { struct stat stbuf; + if (!glnx_fstatat (deployment_dfd, "usr", &stbuf, 0, error)) + return FALSE; + usr_mode = stbuf.st_mode; + } + const char *ovl_options = NULL; static const char hotfix_ovl_options[] = "lowerdir=usr,upperdir=.usr-ovl-upper,workdir=.usr-ovl-work"; switch (unlocked_state) @@ -1784,9 +1792,9 @@ ostree_sysroot_deployment_unlock (OstreeSysroot *self, * directly for hotfixes. The ostree-prepare-root.c helper * is also set up to detect and mount these. */ - if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-upper", 0755, cancellable, error)) + if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-upper", usr_mode, cancellable, error)) return FALSE; - if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-work", 0755, cancellable, error)) + if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-work", usr_mode, cancellable, error)) return FALSE; ovl_options = hotfix_ovl_options; } @@ -1804,7 +1812,7 @@ ostree_sysroot_deployment_unlock (OstreeSysroot *self, { g_auto(OstreeSepolicyFsCreatecon) con = { 0, }; if (!_ostree_sepolicy_preparefscreatecon (&con, sepolicy, - "/usr", 0755, error)) + "/usr", usr_mode, error)) return FALSE; if (g_mkdtemp_full (development_ovldir, 0755) == NULL) @@ -1812,10 +1820,10 @@ ostree_sysroot_deployment_unlock (OstreeSysroot *self, } development_ovl_upper = glnx_strjoina (development_ovldir, "/upper"); - if (!mkdir_unmasked (AT_FDCWD, development_ovl_upper, 0755, cancellable, error)) + if (!mkdir_unmasked (AT_FDCWD, development_ovl_upper, usr_mode, cancellable, error)) return FALSE; development_ovl_work = glnx_strjoina (development_ovldir, "/work"); - if (!mkdir_unmasked (AT_FDCWD, development_ovl_work, 0755, cancellable, error)) + if (!mkdir_unmasked (AT_FDCWD, development_ovl_work, usr_mode, cancellable, error)) return FALSE; ovl_options = glnx_strjoina ("lowerdir=usr,upperdir=", development_ovl_upper, ",workdir=", development_ovl_work); |