testing/rpm
SHA256
3
0
Fork 0
forked from pool/rpm
Code Pull Requests Activity

- backport unshare fix from upstream and extend it a bit

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Base:System/rpm?expand=0&rev=680
This commit is contained in:
Michael Schröder 2024-12-16 13:59:23 +00:00 committed by Git OBS Bridge
parent b01ea491c0
commit cfcc684186
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
macrosin.diff
View File

@ -5,7 +5,7 @@
%_builddir %{_topdir}/BUILD %_builddir %{_topdir}/BUILD
+# The build root where built files will be installed into +# The build root where built files will be installed into
+%buildroot %{_builddir}/%{NAME}-%{VERSION}-%{_arch}/BUILDROOT +%buildroot %{_builddir}/%{NAME}-%{VERSION}-build/BUILDROOT
+ +
# The interpreter used for build scriptlets. # The interpreter used for build scriptlets.
%_buildshell /bin/sh %_buildshell /bin/sh

2
rpm.changes
View File

@ -24,7 +24,7 @@ Mon Dec 16 11:55:23 CET 2024 - mls@suse.de
* 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch * 0002-log-build-time-if-it-is-set-from-SOURCE_DATE_EPOCH.patch
* 0003-Error-out-on-a-missing-changelog-date.patch * 0003-Error-out-on-a-missing-changelog-date.patch
- add compatibility %buildroot definition - add compatibility %buildroot definition
- backport unshare fix from upstream - backport unshare fix from upstream and extend it a bit
* new patch: unshare.diff * new patch: unshare.diff
------------------------------------------------------------------- -------------------------------------------------------------------

24
unshare.diff
View File

@ -1,5 +1,5 @@
--- docs/man/rpm-plugin-unshare.8.md.orig 2024-10-07 09:35:46.000000000 +0000 --- docs/man/rpm-plugin-unshare.8.md.orig 2024-10-07 09:35:46.000000000 +0000
+++ docs/man/rpm-plugin-unshare.8.md 2024-12-16 12:57:40.781754250 +0000 +++ docs/man/rpm-plugin-unshare.8.md 2024-12-16 13:28:44.597787315 +0000
@@ -27,6 +27,11 @@ This plugin implements the following con @@ -27,6 +27,11 @@ This plugin implements the following con
execution. Typical examples would be `/tmp` to protect against execution. Typical examples would be `/tmp` to protect against
insecure temporary file usage inside scriptlets, and `/home` to insecure temporary file usage inside scriptlets, and `/home` to
@ -13,8 +13,22 @@
`%__transaction_unshare_nonet` `%__transaction_unshare_nonet`
--- plugins/unshare.c.orig 2024-10-07 09:35:46.000000000 +0000 --- plugins/unshare.c.orig 2024-10-07 09:35:46.000000000 +0000
+++ plugins/unshare.c 2024-12-16 12:57:40.781754250 +0000 +++ plugins/unshare.c 2024-12-16 13:52:31.530793880 +0000
@@ -19,8 +19,18 @@ static rpmRC unshare_init(rpmPlugin plug @@ -15,12 +15,32 @@
static ARGV_t private_mounts = NULL;
static int unshare_flags = 0;
+static int in_chroot()
+{
+ struct stat sta, stb;
+ if (stat("/", &sta))
+ return 0;
+ if (stat("/proc/1/root", &stb))
+ return 1; /* proc not mounted, assume chroot */
+ return sta.st_dev == stb.st_dev && sta.st_ino == stb.st_ino ? 0 : 1;
+}
+
static rpmRC unshare_init(rpmPlugin plugin, rpmts ts)
{ {
char *paths = rpmExpand("%{?__transaction_unshare_paths}", NULL); char *paths = rpmExpand("%{?__transaction_unshare_paths}", NULL);
private_mounts = argvSplitString(paths, ":", ARGV_SKIPEMPTY); private_mounts = argvSplitString(paths, ":", ARGV_SKIPEMPTY);
@ -25,7 +39,7 @@
+ * Changing mount propagation from inside a chroot fails if the root + * Changing mount propagation from inside a chroot fails if the root
+ * is not also a mount point, disable for now. + * is not also a mount point, disable for now.
+ */ + */
+ if (strcmp(rpmtsRootDir(ts), "/")) { + if (strcmp(rpmtsRootDir(ts), "/") || in_chroot()) {
+ rpmlog(RPMLOG_WARNING, + rpmlog(RPMLOG_WARNING,
+ "private mounts in chroot not implemented\n"); + "private mounts in chroot not implemented\n");
+ } else { + } else {
@ -35,7 +49,7 @@
free(paths); free(paths);
if (rpmExpandNumeric("%{?__transaction_unshare_nonet}")) if (rpmExpandNumeric("%{?__transaction_unshare_nonet}"))
@@ -47,9 +57,10 @@ static rpmRC unshare_scriptlet_fork_post @@ -47,9 +67,10 @@ static rpmRC unshare_scriptlet_fork_post
goto exit; goto exit;
} }