User and group handling is a very messy topic and the split RHCOS effort runs right into some of the intricacies.

In the layered node image model, a bunch of packages that previously were part of the base compose are now layered in a separate build step. Some of those packages also want to bring their own users/groups, such as `openvswitch`, `containers`, and `unbound`. Because they're no longer part of the base compose, the way UIDs and GIDs are allocated to dynamic system users changes, possibly shifting the IDs of multiple system users.

Even for system users that don't actually have e.g. data in `/var`, we pretty much have to reserve the IDs they historically had so as to not create a "hole" in the range that could be filled by something which _does_ have data.

This issue is in fact relevant even without the split RHCOS effort. Any system user dropped (or e.g. package that switches to `DynamicUser`) from the base compose can also create a hole, causing drift to occur for other system users.

Anyway, this is obviously not a great position to be in, but we can't really have IDs drifting on client systems. So just pin all the currently dynamically allocated entries. Cross fingers on `DynamicUser` and systemd sysusers to save us before we run out of IDs...

See also: coreos/fedora-coreos-tracker#155
See also: https://gitlab.com/fedora/bootc/tracker/-/issues/31
See also: containers/bootc#673
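A check for the drift the commit message describes, as an added example that is not part of the commit or the project's code: it compares two `/etc/passwd` snapshots and reports users whose UID changed and UIDs that now belong to a different user. The snapshot contents, the UID values and the function names `parse_passwd` and `find_drift` are assumptions made for illustration.

```python
"""Detect UID drift between two /etc/passwd snapshots (constructed sample data)."""

# Constructed snapshots: IDs and ordering are illustrative, not taken from RHCOS.
OLD_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
openvswitch:x:998:998::/:/sbin/nologin
unbound:x:997:997::/var/lib/unbound:/sbin/nologin
containers:x:996:996::/:/sbin/nologin
"""
# Same users, but "openvswitch" was allocated later, so every dynamic ID shifted.
NEW_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
unbound:x:998:998::/var/lib/unbound:/sbin/nologin
containers:x:997:997::/:/sbin/nologin
openvswitch:x:996:996::/:/sbin/nologin
"""

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping blanks and comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            raise ValueError(f"malformed passwd line: {line!r}")
        users[fields[0]] = int(fields[2])
    return users

def find_drift(old, new):
    """Return (drifted, reused).

    drifted: {name: (old_uid, new_uid)} for users in both snapshots with a changed UID.
    reused:  {uid: (old_name, new_name)} where a UID now maps to a different user,
             so files in /var owned by old_name would appear owned by new_name.
    """
    drifted = {n: (old[n], new[n]) for n in old if n in new and old[n] != new[n]}
    old_by_uid = {uid: n for n, uid in old.items()}
    reused = {uid: (old_by_uid[uid], n) for n, uid in new.items()
              if uid in old_by_uid and old_by_uid[uid] != n}
    return drifted, reused

if __name__ == "__main__":
    drifted, reused = find_drift(parse_passwd(OLD_PASSWD), parse_passwd(NEW_PASSWD))
    for name, (a, b) in sorted(drifted.items()):
        print(f"DRIFT  {name}: {a} -> {b}")
    for uid, (was, now) in sorted(reused.items()):
        print(f"REUSE  uid {uid}: was {was}, now {now}")
```

The same comparison applies to `/etc/group` with the GID in the third field; a non-empty `reused` result is the case where a "hole" was filled by another user.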