]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
projects / thirdparty / mkosi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 72c72b8)
tree: Don't copy xattrs to overlayfs if security.selinux is one 3479/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 6 Feb 2025 13:40:36 +0000 (14:40 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Thu, 6 Feb 2025 14:25:11 +0000 (15:25 +0100)
Trying to copy the selinux xattrs to a directory in an overlayfs
filesystem will fail with "Operation not supported". There's no way
to instruct cp to not copy or ignore failures to copy selinux xattrs
so let's instead not try to copy xattrs at all when copying to directories
in overlayfs filesystems and security.selinux is in the list of xattrs.

mkosi/sandbox.py patch | blob | blame | history
mkosi/tree.py patch | blob | blame | history

diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index 9949e0ee5719e9ba44418fe1373a7470274bcf12..2fd914358a7832f7d07572609cbd2717436d8b68 100755 (executable)
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -53,6 +53,7 @@ NR_move_mount = 429
 NR_open_tree = 428
 OPEN_TREE_CLOEXEC = os.O_CLOEXEC
 OPEN_TREE_CLONE = 1
+OVERLAYFS_SUPER_MAGIC = 0x794C7630
 PR_CAP_AMBIENT = 47
 PR_CAP_AMBIENT_RAISE = 2
 # These definitions are taken from the libseccomp headers
diff --git a/mkosi/tree.py b/mkosi/tree.py
index 03a277ecdf2abd574b8166eb77f4b53b4a2d7c1f..89c0d447720473d83744db21025c7ac699537cca 100644 (file)
--- a/mkosi/tree.py
+++ b/mkosi/tree.py
@@ -3,6 +3,7 @@
 import contextlib
 import errno
 import logging
+import os
 import shutil
 import subprocess
 import tempfile
@@ -12,7 +13,7 @@ from pathlib import Path
 from mkosi.config import ConfigFeature
 from mkosi.log import ARG_DEBUG, die
 from mkosi.run import SandboxProtocol, nosandbox, run, workdir
-from mkosi.sandbox import BTRFS_SUPER_MAGIC, statfs
+from mkosi.sandbox import BTRFS_SUPER_MAGIC, OVERLAYFS_SUPER_MAGIC, statfs
 from mkosi.util import PathString, flatten
 from mkosi.versioncomp import GenericVersion
 
@@ -95,12 +96,22 @@ def copy_tree(
         "--bind", dst.parent, workdir(dst.parent, sandbox),
     ]  # fmt: skip
 
+    attrs = "mode,links"
+    if preserve:
+        attrs += ",timestamps,ownership"
+
+        # Trying to copy selinux xattrs to overlayfs fails with "Operation not supported" in containers.
+        if statfs(os.fspath(dst.parent)) != OVERLAYFS_SUPER_MAGIC or "security.selinux" not in os.listxattr(
+            src
+        ):
+            attrs += ",xattr"
+
     def copy() -> None:
         cmdline: list[PathString] = [
             "cp",
             "--recursive",
             "--dereference" if dereference else "--no-dereference",
-            f"--preserve=mode,links{',timestamps,ownership,xattr' if preserve else ''}",
+            f"--preserve={attrs}",
             "--reflink=auto",
             "--copy-contents",
             workdir(src, sandbox),
Mirror of https://github.com/systemd/mkosi.git