* [Buildroot] [git commit] fs/common.mk: disable real chown calls in fakeroot
@ 2019-04-06 17:12 Peter Korsgaard
  2019-04-14 20:24 ` Peter Korsgaard
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Korsgaard @ 2019-04-06 17:12 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=655acd1df02e5e9ce318aadc33bd6fa8042fc455
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

fakeroot by default forwards {f,l,}chown calls to libc and ignores
permission issues, which may cause issues when building in restricted
environments like user namespaces as set up with bubblewrap where a chown
call with a uid/gid not mapped in the user namespace instead returns EINVAL.
This error is not masked by fakeroot and returned to the caller, causing
failures.

There is no real reason to really perform the *chown calls in the context of
Buildroot (as the calls will likely just fail and files are not accessed
outside the fakeroot environment anyway).

This forwarding can be disabled by setting the FAKEROOTDONTTRYCHOWN
environment variable, so set it when fakeroot is executed.

Reported-by: Esben Nielsen <nielsen.esben@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 fs/common.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/common.mk b/fs/common.mk
index daa43efd75..4ad51fdd0a 100644
--- a/fs/common.mk
+++ b/fs/common.mk
@@ -146,7 +146,7 @@ $$(BINARIES_DIR)/$$(ROOTFS_$(2)_FINAL_IMAGE_NAME): $$(ROOTFS_$(2)_DEPENDENCIES)
 	$$(call PRINTF,$$(ROOTFS_REPRODUCIBLE)) >> $$(FAKEROOT_SCRIPT)
 	$$(call PRINTF,$$(ROOTFS_$(2)_CMD)) >> $$(FAKEROOT_SCRIPT)
 	chmod a+x $$(FAKEROOT_SCRIPT)
-	PATH=$$(BR_PATH) $$(HOST_DIR)/bin/fakeroot -- $$(FAKEROOT_SCRIPT)
+	PATH=$$(BR_PATH) FAKEROOTDONTTRYCHOWN=1 $$(HOST_DIR)/bin/fakeroot -- $$(FAKEROOT_SCRIPT)
 	$(Q)rm -rf $$(TARGET_DIR)
 ifneq ($$(ROOTFS_$(2)_COMPRESS_CMD),)
 	PATH=$$(BR_PATH) $$(ROOTFS_$(2)_COMPRESS_CMD) $$@ > $$@$$(ROOTFS_$(2)_COMPRESS_EXT)
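
Review bot: On the changed fakeroot line, the reason for FAKEROOTDONTTRYCHOWN=1 is recorded only in the commit message, so nothing in fs/common.mk tells a later reader that the assignment exists for builds inside user namespaces, where a chown to an unmapped uid/gid returns EINVAL. A short comment beside this recipe line would keep the assignment from being removed later as unexplained. The line now carries PATH, the new variable and the command together; putting the environment assignments on a continuation line would make further additions easier to review.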


* [Buildroot] [git commit] fs/common.mk: disable real chown calls in fakeroot
  2019-04-06 17:12 [Buildroot] [git commit] fs/common.mk: disable real chown calls in fakeroot Peter Korsgaard
@ 2019-04-14 20:24 ` Peter Korsgaard
  0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2019-04-14 20:24 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > commit: https://git.buildroot.net/buildroot/commit/?id=655acd1df02e5e9ce318aadc33bd6fa8042fc455
 > branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

 > fakeroot by default forwards {f,l,}chown calls to libc and ignores
 > permission issues, which may cause issues when building in restricted
 > environments like user namespaces as set up with bubblewrap where a chown
 > call with a uid/gid not mapped in the user namespace instead returns EINVAL.
 > This error is not masked by fakeroot and returned to the caller, causing
 > failures.

 > There is no real reason to really perform the *chown calls in the context of
 > Buildroot (as the calls will likely just fail and files are not accessed
 > outside the fakeroot environment anyway).

 > This forwarding can be disabled by setting the FAKEROOTDONTTRYCHOWN
 > environment variable, so set it when fakeroot is executed.

 > Reported-by: Esben Nielsen <nielsen.esben@gmail.com>
 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x, thanks.

-- 
Bye, Peter Korsgaard
