Create /etc/{,g}shadow via tmpfiles #1045
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Oct 10, 2017
For the `ex container` case, there's no security issues here; one shouldn't be doing user management in these roots at all. This is for work on exporting `ex container` roots to OCI as non-root. Without this fix, libostree just tries to `openat()` the object for export to tar, and fails. See also coreos#1045
rh-atomic-bot pushed a commit that referenced this issue Oct 10, 2017
For the `ex container` case, there's no security issues here; one shouldn't be doing user management in these roots at all. This is for work on exporting `ex container` roots to OCI as non-root. Without this fix, libostree just tries to `openat()` the object for export to tar, and fails. See also #1045 Closes: #1046 Approved by: jlebon
I propose we do this rather than having `/usr/etc/shadow` in the tree.

The user-unreadable permissions for `/etc/shadow` have been a perennial source of bugs. Today it's breaking my prototype `ostree2oci` script, since libostree can't read the file as non-root.

I'm going to do some playing with this. We should ping the PAM/shadow maintainer about this too.