From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sun, 23 Jun 2024 12:07:56 +0000 (+0200)
Subject: Make sure /tmp, /var/tmp and /dev/shm permissions are correct in sandbox
X-Git-Tag: v24~90^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4eba02dd3ca08c4efdba7031bc6ce0ad9b68e00;p=thirdparty%2Fmkosi.git

Make sure /tmp, /var/tmp and /dev/shm permissions are correct in sandbox
---

diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index be52cbad1..089c20c9b 100644
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -220,8 +220,12 @@ def sandbox_cmd(
 
     # bubblewrap creates everything with a restricted mode so relax stuff as needed.
     ops = []
-    if not devices and not relaxed:
-        ops += ["chmod 1777 /dev/shm"]
+    if not relaxed:
+        ops += ["chmod 1777 /tmp"]
+        if not devices:
+            ops += ["chmod 1777 /dev/shm"]
+    if vartmp:
+        ops += ["chmod 1777 /var/tmp"]
     if relaxed and INVOKING_USER.home().exists() and len(INVOKING_USER.home().parents) > 1:
         # We might mount a subdirectory of /home so /home will be created with the wrong permissions by bubblewrap so
         # we need to fix up the permissions.