lib/sysroot: Match deployment /usr mode for overlay
authorJonathan Lebon <jonathan@jlebon.com>
Wed, 24 Apr 2019 13:42:56 +0000 (09:42 -0400)
committerAtomic Bot <atomic-devel@projectatomic.io>
Wed, 24 Apr 2019 13:48:14 +0000 (13:48 +0000)
Rather than hardcoding 0755, let's directly look at what `/usr`'s mode
is and copy it when creating the overlay.

Closes: #1843
Approved by: cgwalters

src/libostree/ostree-sysroot.c

index 200af99fd2b154c1fb9c066914bf66d2536bc0f8..21ea17347808302361aa743cd7a233aeceb39683 100644 (file)
@@ -1771,6 +1771,14 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
   if (!sepolicy)
     return FALSE;
 
+  /* we want our /usr overlay to have the same permission bits as the one we'll shadow */
+  mode_t usr_mode;
+  { struct stat stbuf;
+    if (!glnx_fstatat (deployment_dfd, "usr", &stbuf, 0, error))
+      return FALSE;
+    usr_mode = stbuf.st_mode;
+  }
+
   const char *ovl_options = NULL;
   static const char hotfix_ovl_options[] = "lowerdir=usr,upperdir=.usr-ovl-upper,workdir=.usr-ovl-work";
   switch (unlocked_state)
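Review bot: `usr_mode = stbuf.st_mode;` copies the whole mode word, so the file-type bits and any setuid/setgid/sticky bits on `usr` travel with the permission bits into every later use (the `mkdir_unmasked` calls and the `_ostree_sepolicy_preparefscreatecon` call in the following hunks), where the old literal `0755` carried permission bits only. Nothing here checks that `usr` is a directory either, and the flags argument of `0` presumably means a symlinked `usr` would be followed rather than reported. I would add an `S_ISDIR (stbuf.st_mode)` check and store `usr_mode = stbuf.st_mode & 07777;`, or extend the comment to say the type bits are kept on purpose for the label lookup. The enclosing function starts and ends outside this hunk.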
@@ -1784,9 +1792,9 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
          * directly for hotfixes.  The ostree-prepare-root.c helper
          * is also set up to detect and mount these.
          */
-        if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-upper", 0755, cancellable, error))
+        if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-upper", usr_mode, cancellable, error))
           return FALSE;
-        if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-work", 0755, cancellable, error))
+        if (!mkdir_unmasked (deployment_dfd, ".usr-ovl-work", usr_mode, cancellable, error))
           return FALSE;
         ovl_options = hotfix_ovl_options;
       }
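Review bot: `.usr-ovl-work` now also receives `usr_mode`, but the work directory is overlayfs scratch space and, as far as I know, only the upperdir's attributes show through on the mounted `/usr`. Copying an unusual `/usr` mode (group-writable, setgid) onto the workdir gains nothing, so I would keep a fixed mode there, e.g. `mkdir_unmasked (deployment_dfd, ".usr-ovl-work", 0755, cancellable, error)`, and apply `usr_mode` to the upper directory only. The same applies to `development_ovl_work` in the last hunk.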
@@ -1804,7 +1812,7 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
         { g_auto(OstreeSepolicyFsCreatecon) con = { 0, };
 
           if (!_ostree_sepolicy_preparefscreatecon (&con, sepolicy,
-                                                    "/usr", 0755, error))
+                                                    "/usr", usr_mode, error))
             return FALSE;
 
           if (g_mkdtemp_full (development_ovldir, 0755) == NULL)
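Review bot: The label context is now prepared for `/usr` with `usr_mode`, while the directory created under that context two lines later is still `g_mkdtemp_full (development_ovldir, 0755)`. That looks deliberate, since the temp directory appears to be only the parent of `upper` and `work`, but the mismatch is unexplained. A comment such as `/* parent dir only; upper/ and work/ below get usr_mode */` above the `g_mkdtemp_full` call would document it. The block continues past the end of this hunk.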
@@ -1812,10 +1820,10 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
         }
 
         development_ovl_upper = glnx_strjoina (development_ovldir, "/upper");
-        if (!mkdir_unmasked (AT_FDCWD, development_ovl_upper, 0755, cancellable, error))
+        if (!mkdir_unmasked (AT_FDCWD, development_ovl_upper, usr_mode, cancellable, error))
           return FALSE;
         development_ovl_work = glnx_strjoina (development_ovldir, "/work");
-        if (!mkdir_unmasked (AT_FDCWD, development_ovl_work, 0755, cancellable, error))
+        if (!mkdir_unmasked (AT_FDCWD, development_ovl_work, usr_mode, cancellable, error))
           return FALSE;
         ovl_options = glnx_strjoina ("lowerdir=usr,upperdir=", development_ovl_upper,
                                      ",workdir=", development_ovl_work);