from mkosi.run import run
from mkosi.types import PathString
-from mkosi.util import umask
+from mkosi.util import INVOKING_USER, umask
from mkosi.versioncomp import GenericVersion
yield
finally:
os.environ["PATH"] = old
+
+
+@contextlib.contextmanager
+def mount_passwd() -> Iterator[None]:
+ with tempfile.NamedTemporaryFile(prefix="mkosi.passwd", mode="w") as passwd:
+ passwd.write("root:x:0:0:root:/root:/bin/sh\n")
+ if INVOKING_USER.uid != 0:
+ name = INVOKING_USER.name()
+ home = INVOKING_USER.home()
+ passwd.write(f"{name}:x:{INVOKING_USER.uid}:{INVOKING_USER.gid}:{name}:{home}:/bin/sh\n")
+ passwd.flush()
+ os.fchown(passwd.file.fileno(), INVOKING_USER.uid, INVOKING_USER.gid)
+
+ with mount(passwd.name, Path("/etc/passwd"), operation="--bind"):
+ yield
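Review bot: The `os.fchown` on the line before the bind mount hands ownership of the file that becomes `/etc/passwd` to the non-root invoking user, and `NamedTemporaryFile` creates it mode 0600, so for the lifetime of the mount `/etc/passwd` is writable by that uid and unreadable by every other non-root uid — the opposite of the root-owned, world-readable file it replaces. Since this exists so that setuid-root `newuidmap` can resolve the caller's uid to a name and then consult `/etc/subuid`, a process running as the invoking user (virtiofsd or anything else in the same mount namespace, which I cannot tell from here is private) could rewrite the entry and claim a different user's subuid range. Keeping root ownership and making the file world-readable, `os.fchmod(passwd.file.fileno(), 0o644)` in place of the `fchown`, gives the same readability (the "other" bit also covers readers inside a user namespace where real root is unmapped, which is presumably why the chown was added) without the write access. Separately, `name` and `home` are interpolated unescaped into the passwd line; if they can ever contain `:` or a newline the entry is malformed, so a short guard or a comment stating they come from the real passwd database would help.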
format_bytes,
)
from mkosi.log import die
+from mkosi.mounts import mount_passwd
from mkosi.partition import finalize_root, find_partitions
from mkosi.run import (
MkosiAsyncioThread,
notifications: dict[str, str] = {}
with contextlib.ExitStack() as stack:
+ if (
+ os.getuid() == 0 and
+ not INVOKING_USER.invoked_as_root and
+ config.runtime_trees
+ ):
+ # In this scenario newuidmap might fail when invoked by virtiofsd as the user running virtiofsd will not
+ # be resolvable to a name via NSS so we have to trick newuidmap by mounting over /etc/passwd. Once
+ # https://gitlab.com/virtio-fs/virtiofsd/-/issues/137 is fixed we can set up the user namespace ourselves
+ # without uidmap to avoid having to mount over /etc/passwd.
+ stack.enter_context(mount_passwd())
+
for k, v in config.credentials.items():
payload = base64.b64encode(v.encode()).decode()
if config.architecture.supports_smbios() and firmware == QemuFirmware.uefi: