#759 [rpmbuild] make_srpm: use --private-users=true
Merged 4 years ago by praiskup. Opened 4 years ago by praiskup.

file modified
+1 -1
@@ -3,4 +3,4 @@

  config_opts['use_host_resolv'] = True

  config_opts['chroot_additional_packages'] = 'make dnf'

  config_opts['plugin_conf']['bind_mount_enable'] = True

- config_opts['nspawn_args'] = ['--private-users=pick','--drop-capability=CAP_SYS_ADMIN,CAP_IPC_OWNER,CAP_KILL,CAP_LEASE,CAP_LINUX_IMMUTABLE,CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_RAW,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT,CAP_SYS_NICE,CAP_SYS_PTRACE,CAP_SYS_TTY_CONFIG,CAP_SYS_RESOURCE,CAP_SYS_BOOT,CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL']

+ config_opts['nspawn_args'] = ['--drop-capability=CAP_SYS_ADMIN,CAP_IPC_OWNER,CAP_KILL,CAP_LEASE,CAP_LINUX_IMMUTABLE,CAP_NET_BIND_SERVICE,CAP_NET_BROADCAST,CAP_NET_RAW,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT,CAP_SYS_NICE,CAP_SYS_PTRACE,CAP_SYS_TTY_CONFIG,CAP_SYS_RESOURCE,CAP_SYS_BOOT,CAP_AUDIT_WRITE,CAP_AUDIT_CONTROL']
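
Review bot: the new `nspawn_args` line drops `'--private-users=pick'` with no comment in the config marking the change as temporary, although the description calls it a non-recommended setting needed only until https://github.com/rpm-software-management/mock/pull/265 is resolved. Add a comment above the line that points to that pull request so the option gets restored later. The PR title still says `--private-users=true` while the line now relies on the default, so either spell the option out explicitly or update the title, so the intended user-namespace mode is readable from the config itself.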

This is not a recommended setting, but it is needed temporarily
till https://github.com/rpm-software-management/mock/pull/265
is resolved somehow.

@frostyx @msuchy I'd like to get this reviewed to be able to move to F30 builders, can you please take a look?

Reading man systemd-nspawn, I can't figure out any reason why we can't do this, so +1.

rebased onto d3ae6f6

4 years ago

Since --private-users=true is the default, I rather removed it entirely, and used a different git commit message.

Ok, nothing changed since last +1 practically, and I need this for moving the F30 builders forward; so I'll exempt this PR from 24h rule - and merge. Thanks for taking a look even after merge!

Pull-Request has been merged by praiskup

4 years ago