tests: Add a test case for a %post that does rm -rf / #888
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I was thinking today about our script handling, and I realized an excellent way to showcase the advancement rpm-ostree makes over traditional package managers is the fact that we survive a `%post` script that does `rm -rf /`! See e.g. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858521 It's been this way ever since we first implemented package layering; the fact that we construct a new root and use bubblewrap to sandbox makes us very resilient to this type of thing. But, let's add a test case for this to be sure we preserve this behavior; for example, if in the future we for some reason we decide to leak some host state into the scripts.
|
Heh, nice. @rh-atomic-bot r+ 70a97d4 |
|
☀️ Test successful - status-atomicjenkins |
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Jul 21, 2017
This is a followup to coreos#888 but more comprehensive; in the layering case, the sanitycheck runs after all the `%posttrans` scripts, so we'll get a consistent error message for the `rm -rf /` test. We also do the sanitycheck for the "pure ostree" case, as well as cases where we didn't actually layer packages (including `ex override remove` as well as simply regenerating an initrd). There's obviously a lot more we could do in a sanitycheck; as I say in the comment it's tempting to consider trying to boot systemd (in a fully volatile config), but for now let's do this. In the end of course the admin has rollback too.
cgwalters
added a commit
to cgwalters/rpm-ostree
that referenced
this pull request
Jul 26, 2017
This is a followup to coreos#888 but more comprehensive; in the layering case, the sanitycheck runs after all the `%posttrans` scripts, so we'll get a consistent error message for the `rm -rf /` test. We also do the sanitycheck for the "pure ostree" case, as well as cases where we didn't actually layer packages (including `ex override remove` as well as simply regenerating an initrd). There's obviously a lot more we could do in a sanitycheck; as I say in the comment it's tempting to consider trying to boot systemd (in a fully volatile config), but for now let's do this. In the end of course the admin has rollback too.
rh-atomic-bot
pushed a commit
that referenced
this pull request
Jul 27, 2017
This is a followup to #888 but more comprehensive; in the layering case, the sanitycheck runs after all the `%posttrans` scripts, so we'll get a consistent error message for the `rm -rf /` test. We also do the sanitycheck for the "pure ostree" case, as well as cases where we didn't actually layer packages (including `ex override remove` as well as simply regenerating an initrd). There's obviously a lot more we could do in a sanitycheck; as I say in the comment it's tempting to consider trying to boot systemd (in a fully volatile config), but for now let's do this. In the end of course the admin has rollback too. Closes: #892 Approved by: jlebon
|
nice |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I was thinking today about our script handling, and I realized
an excellent way to showcase the advancement rpm-ostree makes
over traditional package managers is the fact that we survive a
%postscript that doesrm -rf /!See e.g. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858521
and MrMEEE/bumblebee-Old-and-abbandoned#123
It's been this way ever since we first implemented package layering;
the fact that we construct a new root and use bubblewrap to sandbox
makes us very resilient to this type of thing.
But, let's add a test case for this to be sure we preserve this behavior; for
example, if in the future we for some reason we decide to leak some host state
into the scripts.