From 14afafa349f29c0f17bd65a32e735911be14d87e Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 2 Dec 2020 15:00:05 +0100 Subject: [PATCH] cmd/initContainer: Avoid RPM failures due to unexpected file owners When running rootless, files and directories bind mounted from the host operating system can have their ownership listed as nobody:nobody. This is because the UIDs and GIDs that actually own those locations are not available inside the container. Some distribution packages are particular about the file ownerships of some of these locations. eg., Fedora's filesystem RPM. Encountering nobody:nobody as the owner can fail package management transactions involving such packages leading to unforeseen consequences. Therefore, configure RPM to leave these locations alone. --- src/cmd/initContainer.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go index f0e50335b..ade2718f1 100644 --- a/src/cmd/initContainer.go +++ b/src/cmd/initContainer.go @@ -252,6 +252,23 @@ func initContainer(cmd *cobra.Command, args []string) error { } } + if utils.PathExists("/usr/lib/rpm") { + logrus.Debug("Configuring RPM to ignore bind mounts") + + rpmConfigString := `# Written by Toolbox +# https://github.com/containers/toolbox + +%_netsharedpath /dev:/media:/proc:/sys:/tmp:/var/lib/flatpak +` + + rpmConfigBytes := []byte(rpmConfigString) + if err := ioutil.WriteFile("/usr/lib/rpm/toolbox", + rpmConfigBytes, + 0644); err != nil { + return errors.New("failed to configure RPM to ignore bind mounts") + } + } + logrus.Debug("Setting up daily ticker") daily, err := time.ParseDuration("24h")
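Review bot: The macro file is written to `/usr/lib/rpm/toolbox`, a path rpm does not appear to read by default — its macro search covers `/usr/lib/rpm/macros`, `/usr/lib/rpm/macros.d/macros.*` and `/etc/rpm/macros.*` — so unless the container's rpm is customised to load that file the `%_netsharedpath` setting is silently never applied and the transaction failures the commit message describes persist; writing it as `/usr/lib/rpm/macros.d/macros.toolbox` (creating that directory first if it is missing) would put it where rpm picks it up. A comment should also warn that `%_netsharedpath` does more than relax ownership checks, since rpm treats those prefixes as not-to-be-installed and skips package files under them entirely, e.g. `// %_netsharedpath makes rpm skip installing/verifying every file under these prefixes, not just their ownership`. On the failure path `errors.New("failed to configure RPM to ignore bind mounts")` discards the underlying `err`, so a read-only `/usr` or a permission problem leaves no trace; wrapping the error, or at least logging it at debug level before returning, would keep the cause visible. initContainer's body continues on both sides of the hunk.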