git.ipfire.org Git - thirdparty/mkosi.git/commit

author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Thu, 12 Oct 2023 12:34:12 +0000 (14:34 +0200)
committer	Daan De Meyer <daan.j.demeyer@gmail.com>
	Fri, 13 Oct 2023 09:48:40 +0000 (11:48 +0200)
commit	baf1c3cd12c3d945e2abf7bfa922b27042633861
tree	45aeb5529f6a62597fcae63ee69e8f1004c76147	tree
parent	10c3685b5ac50ed7d51cd26fedadf5b4a7761f09	commit \| diff

Run qemu as the invoking user again

This commit also reworks InvokingUser to calculate all its members
on module import (when we haven't yet unshared the user namespace).
become_root() is also changed to modify the InvokingUser object
instead of returning the new uid, gid. Finally, we stop passing
around uid, gid everywhere and just use the InvokingUser object
directly as a singleton.

We also stop dropping privileges in mkosi itself. Instead, we prefer
running ssh, qemu and the embedded web server unprivileged. This
allows us to get rid of the logic to not unmount the last tools tree
as we will now always still have enough privileges to do so.

We also start passing file descriptors to swtpm and virtiofsd to avoid
race conditions where the socket hasn't been created yet before we
pass it to qemu or before we try to chown it.

mkosi/__init__.py		diff \| blob \| blame \| history
mkosi/config.py		diff \| blob \| blame \| history
mkosi/mounts.py		diff \| blob \| blame \| history
mkosi/qemu.py		diff \| blob \| blame \| history
mkosi/run.py		diff \| blob \| blame \| history
mkosi/state.py		diff \| blob \| blame \| history
mkosi/util.py		diff \| blob \| blame \| history