From f5a5096b4f330513008c76e4df4415bb4aa4d952 Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Tue, 19 Mar 2024 18:02:33 +0000 Subject: [PATCH] Relax mkdir/rchown subpath of home check to owns a parent dir "the user owns a parent directory" is a lot less strict than being under the home directory, but allows using shared directories that are not mounted under home, and at least requires some explicit config to create the directory before it can be used rather than just being any directory the user is able to create. --- mkosi/user.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/mkosi/user.py b/mkosi/user.py index f22649b5c..34a9a8a7a 100644 --- a/mkosi/user.py +++ b/mkosi/user.py @@ -68,7 +68,10 @@ class INVOKING_USER: @classmethod def mkdir(cls, path: Path) -> Path: - cond = not cls.invoked_as_root or (cls.is_regular_user() and path.is_relative_to(cls.home())) + cond = ( + not cls.invoked_as_root or + (cls.is_regular_user() and any(p.exists() and p.stat().st_uid == cls.uid for p in path.parents)) + ) run( ["mkdir", "--parents", path], user=cls.uid if cond else os.getuid(), @@ -79,7 +82,7 @@ class INVOKING_USER: @classmethod def rchown(cls, path: Path) -> None: - if cls.is_regular_user() and path.is_relative_to(INVOKING_USER.home()) and path.exists(): + if cls.is_regular_user() and any(p.stat().st_uid == cls.uid for p in path.parents) and path.exists(): run(["chown", "--recursive", f"{INVOKING_USER.uid}:{INVOKING_USER.gid}", path]) -- 2.47.2