Make sure /tmp, /var/tmp and /dev/shm permissions are correct in sandbox
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Sun, 23 Jun 2024 12:07:56 +0000 (14:07 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Mon, 24 Jun 2024 08:16:17 +0000 (10:16 +0200)
mkosi/sandbox.py

index be52cbad1c25786699ecb7c069878923ca7be0e4..089c20c9bc3938fb0361b37f12cb10a6bbbe0198 100644 (file)
@@ -220,8 +220,12 @@ def sandbox_cmd(
 
     # bubblewrap creates everything with a restricted mode so relax stuff as needed.
     ops = []
-    if not devices and not relaxed:
-        ops += ["chmod 1777 /dev/shm"]
+    if not relaxed:
+        ops += ["chmod 1777 /tmp"]
+        if not devices:
+            ops += ["chmod 1777 /dev/shm"]
+    if vartmp:
+        ops += ["chmod 1777 /var/tmp"]
     if relaxed and INVOKING_USER.home().exists() and len(INVOKING_USER.home().parents) > 1:
         # We might mount a subdirectory of /home so /home will be created with the wrong permissions by bubblewrap so
         # we need to fix up the permissions.
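Review bot: The new `if vartmp:` branch runs `chmod 1777 /var/tmp` even when `relaxed` is set, while the /tmp and /dev/shm fixes are skipped in relaxed mode, and the hunk does not show how /var/tmp is provided in that case. If /var/tmp can be a bind mount of a host directory, the chmod changes the mode of the host inode and leaves a world-writable (sticky) directory behind outside the sandbox, so it is worth confirming that the target is always a directory created for this sandbox. If the asymmetry is intended, a comment would make it reviewable, e.g. `# /var/tmp is a fresh per-sandbox directory even in relaxed mode, so its mode always needs fixing.`; otherwise gate it as `if vartmp and not relaxed:`. sandbox_cmd starts and ends outside this hunk, so the mount setup for these paths is not visible here.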