tmpfiles: Create `/run/ostree`

This is referenced by https://github.com/ostreedev/ostree-rs-ext/blob/9645cee4f29786ba51ae9d62a52eeef9230146fd/lib/src/globals.rs#L16
specifically used for the (container image) pull secret in
`/run/ostree/auth.json`.

Let's pre-create the directory so users don't have to.

Motivated by https://github.com/openshift/machine-config-operator/pull/3007#discussion_r824172564

diff --git a/src/boot/ostree-tmpfiles.conf b/src/boot/ostree-tmpfiles.conf
index 4cbba0bdfcb39890489f22fb880d6594038a0acc..69c2d3f385e3fa23f3bb68a794b071ce84a73316 100644 (file)
--- a/src/boot/ostree-tmpfiles.conf
+++ b/src/boot/ostree-tmpfiles.conf
@@ -13,5 +13,7 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library. If not, see <https://www.gnu.org/licenses/>.
 
+# ostree runtime configuration
+d /run/ostree 0755 root root -
 # https://github.com/ostreedev/ostree/issues/393
 R! /var/tmp/ostree-unlock-ovl.*

diff --git a/tests/inst/src/sysroot.rs b/tests/inst/src/sysroot.rs
index 301ef8b31d6cc93cbc2621e47c14344f58c498f3..b10dbcd438c2d56a4d84c4143032e7f24f81263c 100644 (file)
--- a/tests/inst/src/sysroot.rs
+++ b/tests/inst/src/sysroot.rs
@@ -1,5 +1,8 @@
 //! Tests that mostly use the API and access the booted sysroot read-only.
 
+use std::os::unix::prelude::PermissionsExt;
+use std::path::Path;
+
 use anyhow::Result;
 use ostree_ext::prelude::*;
 use ostree_ext::{gio, ostree};
@@ -45,3 +48,13 @@ fn test_immutable_bit() -> Result<()> {
     cmd_has_output(sh_inline::bash_command!("lsattr -d /").unwrap(), "-i-")?;
     Ok(())
 }
+
+#[itest]
+fn test_tmpfiles() -> Result<()> {
+    if skip_non_ostree_host() {
+        return Ok(());
+    }
+    let metadata = Path::new("/run/ostree").metadata()?;
+    assert_eq!(metadata.permissions().mode() & !nix::libc::S_IFMT, 0o755);
+    Ok(())
+}