Comments (4)
yeah I believe the postprocess is running as builder which is UID 1000:
[core@localhost ~]$ stat /etc/systemd/journald.conf
File: /etc/systemd/journald.conf
Size: 1064 Blocks: 8 IO Block: 4096 regular file
Device: fd00h/64768d Inode: 5014399 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1000/ core) Gid: ( 1000/ sudo)
Context: system_u:object_r:etc_t:s0
Access: 2018-09-07 01:33:59.220000000 +0000
Modify: 2018-09-06 22:47:06.459561075 +0000
Change: 2018-09-06 22:47:06.459561075 +0000
Birth: -
from fedora-coreos-config.
I am not reproducing this.
from fedora-coreos-config.
Wait, just did repoduce. Hmm.
from fedora-coreos-config.
$ ostree --repo=repo ls -R fedora/29/x86_64/coreos /usr|grep '1000 1000'
-00400 1000 1000 266 /usr/etc/gshadow
-00644 1000 1000 28 /usr/etc/motd
-00644 1000 1000 1498 /usr/etc/nsswitch.conf.bak
-00400 1000 1000 401 /usr/etc/shadow
-00644 1000 1000 0 /usr/etc/subgid
-00644 1000 1000 0 /usr/etc/subuid
-00440 1000 1000 3276 /usr/etc/sudoers
-00644 1000 1000 262 /usr/etc/selinux/targeted/contexts/customizable_types
-00644 1000 1000 1065 /usr/etc/systemd/journald.conf
-00644 1000 1000 0 /usr/lib/locale/locale-archive.tmpl
That's files created by rpm scripts and our postprocess. Which points to this being some sort of generic sudo
+bwrap
issue? Looking.
from fedora-coreos-config.
Related Issues (20)
- Find a safer alternative to check unit status HOT 1
- Add kola test to check for initrd udev rules HOT 1
- Make sure that we do not ship broken symlinks HOT 17
- Stop excluding `cowsay` HOT 3
- Add an allowlist test for non-root owned files and ensure their UID/GID are statically allocated HOT 9
- bad permissions on /etc/sudoers.d/coreos-sudo-group HOT 1
- Sharing information between FCOS and SCOS/RHCOS9 HOT 6
- adjust buildroot container to work same as cosa HOT 5
- tests: Convert to new "YAML format" for kola config
- Fix ShellCheck errors
- Add space after `!` in kola YAML fields that want to negate semantics
- Add kola test to verify change of SELinux to permissive mode
- Add kola test that uses a proxy and ostree
- Move downgrade test into separate CI job HOT 3
- Compose an ostree commit by rpm-ostree failed HOT 1
- Add test for big disks on multipath
- rpm-ostree install behavior change -> update tests
- s390x: ext.config.disks.lvmdevices fails ocassionally HOT 2
- Document how to override `exclude-packages`
- enable sshd manually HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fedora-coreos-config.