Always run as root in Context sandbox
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 11 Mar 2024 11:18:01 +0000 (12:18 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 11 Mar 2024 12:04:57 +0000 (13:04 +0100)
If there are files in /usr in the package manager tree, we need to
be running as root to mount an overlayfs on top of /usr, so make
sure we are always root in the Context sandbox.

mkosi/context.py
mkosi/installer/pacman.py

index e1d146e2469bf220fb8d61cea4895e94c0bd44e5..c0b85e4853a74a1788f44afa12ece14965a2e690 100644 (file)
@@ -80,6 +80,9 @@ class Context:
             devices=devices,
             scripts=scripts,
             options=[
+                "--uid", "0",
+                "--gid", "0",
+                "--cap-add", "ALL",
                 # These mounts are writable so bubblewrap can create extra directories or symlinks inside of it as
                 # needed. This isn't a problem as the package manager directory is created by mkosi and thrown away
                 # when the build finishes.
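Review bot: `"--cap-add", "ALL"` at the top of `options` gives every command run through the Context sandbox the full capability set, which looks wider than the overlayfs mount on /usr named in the commit message needs, and the three new options carry no comment saying why. If mounting is the only requirement, consider adding just the capability it needs (presumably `CAP_SYS_ADMIN`; confirm), and confirm that this sandbox is always entered inside a user namespace so that uid 0 and the added capabilities never map to real host privileges when mkosi itself is started as root. The pacman.py hunk deletes the only comment explaining the root requirement, so add one here, e.g. `# Always be root in the sandbox: overlaying /usr from the package manager tree needs it, and pacman refuses to run otherwise.` The enclosing method starts and ends outside the hunk.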
index 45969da5983d16e2ba8cc6d95dae8469cd2f9562..b1b6282c31f179503e97e8b4ac2d1d124049f1ff 100644 (file)
@@ -165,9 +165,6 @@ class Pacman(PackageManager):
                             *cls.mounts(context),
                             *sources,
                             "--chdir", "/work/src",
-                            # pacman will fail unless invoked as root so make sure we're uid/gid 0 in the sandbox.
-                            "--uid", "0",
-                            "--gid", "0",
                         ],
                     ) + (apivfs_cmd(context.root) if apivfs else [])
                 ),