From a9669fa1903e1ca37f4b02e871025fd791eb5e56 Mon Sep 17 00:00:00 2001 From: Andrew Obuchowicz Date: Wed, 13 Sep 2023 22:10:46 -0400 Subject: [PATCH] Don't stow .viminfo The .viminfo cannot be a symbolic link for security reasons. Thus it is ignored by stow and manually copied from /home/tooling/ to /home/user/ instead. Signed-off-by: Andrew Obuchowicz --- base/ubi8/.stow-local-ignore | 2 ++ base/ubi8/Dockerfile | 5 ++++- universal/ubi8/entrypoint.sh | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 base/ubi8/.stow-local-ignore diff --git a/base/ubi8/.stow-local-ignore b/base/ubi8/.stow-local-ignore new file mode 100644 index 00000000..1cceb80d --- /dev/null +++ b/base/ubi8/.stow-local-ignore @@ -0,0 +1,2 @@ +# .viminfo cannot be a symlink for security reasons +\.viminfo diff --git a/base/ubi8/Dockerfile b/base/ubi8/Dockerfile index 080dbbda..8ed69f76 100644 --- a/base/ubi8/Dockerfile +++ b/base/ubi8/Dockerfile @@ -92,6 +92,7 @@ RUN \ rm -rf "${TEMP_DIR}" COPY --chown=0:0 entrypoint.sh / +COPY --chown=0:0 .stow-local-ignore /home/tooling/ RUN \ # add user and configure it useradd -u 10001 -G wheel,root -d /home/user --shell /bin/bash -m user && \ @@ -110,7 +111,9 @@ RUN \ chmod -R g=u /etc/passwd /etc/group /home && \ chmod +x /entrypoint.sh && \ # Create symbolic links from /home/tooling/ -> /home/user/ - stow . -t /home/user/ -d /home/tooling/ --no-folding + stow . -t /home/user/ -d /home/tooling/ --no-folding && \ + # .viminfo cannot be a symbolic link for security reasons, so copy it to /home/user/ + cp /home/tooling/.viminfo /home/user/.viminfo USER 10001 ENV HOME=/home/user diff --git a/universal/ubi8/entrypoint.sh b/universal/ubi8/entrypoint.sh index f035fa65..6f79e663 100755 --- a/universal/ubi8/entrypoint.sh +++ b/universal/ubi8/entrypoint.sh @@ -4,6 +4,8 @@ if mountpoint -q /home/user/; then # Create symbolic links from /home/tooling/ -> /home/user/ stow . -t /home/user/ -d /home/tooling/ --no-folding + # A symbolic link for .viminfo is not created for security reasons, so manually copy it + cp /home/tooling/.viminfo /home/user/.viminfo fi # Kubedock