From: Richard Maw Date: Tue, 19 Mar 2024 18:02:33 +0000 (+0000) Subject: Relax mkdir/rchown subpath of home check to owns a parent dir X-Git-Tag: v23~72^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2534%2Fhead;p=thirdparty%2Fmkosi.git Relax mkdir/rchown subpath of home check to owns a parent dir "the user owns a parent directory" is a lot less strict than being under the home directory, but allows using shared directories that are not mounted under home, and at least requires some explicit config to create the directory before it can be used rather than just being any directory the user is able to create.
---
diff --git a/mkosi/user.py b/mkosi/user.py
index f22649b5c..34a9a8a7a 100644
--- a/mkosi/user.py
+++ b/mkosi/user.py
@@ -68,7 +68,10 @@ class INVOKING_USER:
 @classmethod
 def mkdir(cls, path: Path) -> Path:
- cond = not cls.invoked_as_root or (cls.is_regular_user() and path.is_relative_to(cls.home()))
+ cond = (
+ not cls.invoked_as_root or
+ (cls.is_regular_user() and any(p.exists() and p.stat().st_uid == cls.uid for p in path.parents))
+ )
 run(
 ["mkdir", "--parents", path],
 user=cls.uid if cond else os.getuid(),
@@ -79,7 +82,7 @@ class INVOKING_USER:
 @classmethod
 def rchown(cls, path: Path) -> None:
- if cls.is_regular_user() and path.is_relative_to(INVOKING_USER.home()) and path.exists():
+ if cls.is_regular_user() and any(p.stat().st_uid == cls.uid for p in path.parents) and path.exists():
 run(["chown", "--recursive", f"{INVOKING_USER.uid}:{INVOKING_USER.gid}", path])
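Review bot: The new ownership test in `mkdir` walks `path.parents`, which is purely lexical, so for a path that contains `..` or a symlinked component the directories being stat'ed need not be real ancestors of the directory that ends up being created. It also accepts ownership of any ancestor, even when a nearer existing ancestor belongs to another user. In `mkdir` a true result only selects the invoking user's uid for the `mkdir` call, but the same predicate gates the recursive chown in the `rchown` hunk, where a false positive transfers ownership of a whole tree (presumably with whatever privileges mkosi was started with). Consider resolving first and testing only the nearest existing ancestor, e.g. `nearest = next(p for p in path.resolve().parents if p.exists())` followed by `nearest.stat().st_uid == cls.uid`, kept in one helper shared by both methods. The `run(...)` call continues past the end of this hunk.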
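Review bot: In `rchown` the generator calls `p.stat()` without the `p.exists()` guard that the `mkdir` hunk has, and it is evaluated before `path.exists()`, so a path whose parent directory is missing raises `FileNotFoundError` where the old code simply skipped the chown. Testing existence first avoids that: `if cls.is_regular_user() and path.exists() and any(p.stat().st_uid == cls.uid for p in path.parents):`. The changed line also mixes `cls.uid` with `INVOKING_USER.uid` in the `chown` argument below it; using `cls` throughout would match `mkdir`.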