From debbecbc6cec7ae494f26703d0ae28b2c53b0e26 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mar 13 2015 12:12:24 +0000 Subject: manifest: Use hardcoded passwd/group data Currently Fedora rel-eng does separate repositories for the different releases. This means that rpm-ostree can't propagate the cached /usr/lib/passwd and /usr/lib/group from previous trees. Regardless, we'll have continual problems where people want to make their own trees and rebase to them. In order to support this, there's no other current solution than hardcoding them here.
---
diff --git a/fedora-atomic-docker-host.json b/fedora-atomic-docker-host.json
index 2f178fa..2dac8e5 100644
--- a/fedora-atomic-docker-host.json
+++ b/fedora-atomic-docker-host.json
@@ -17,6 +17,11 @@ "etc-group-members": ["wheel", "docker"],
+ "ignore-removed-users": ["root"],
+ "ignore-removed-groups": ["root"],
+ "check-passwd": { "type": "file", "filename": "passwd" },
+ "check-groups": { "type": "file", "filename": "group" },
+ "packages": ["glibc", "nss-altfiles", "shadow-utils", "fedora-release", "dracut-config-generic", "kernel",
diff --git a/group b/group
new file mode 100644
index 0000000..a524089
--- /dev/null
+++ b/group
@@ -0,0 +1,48 @@
+root:x:0:
+bin:x:1:
+daemon:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mem:x:8:
+kmem:x:9:
+wheel:x:10:
+cdrom:x:11:
+mail:x:12:
+man:x:15:
+dialout:x:18:
+floppy:x:19:
+games:x:20:
+tape:x:30:
+video:x:39:
+ftp:x:50:
+lock:x:54:
+audio:x:63:
+nobody:x:99:
+users:x:100:
+utmp:x:22:
+utempter:x:35:
+input:x:999:
+systemd-journal:x:190:
+systemd-timesync:x:998:
+systemd-network:x:997:
+systemd-resolve:x:996:
+systemd-bus-proxy:x:995:
+dbus:x:81:
+polkitd:x:994:
+dockerroot:x:993:
+ssh_keys:x:992:
+tss:x:59:
+cgred:x:991:
+rpc:x:32:
+etcd:x:990:
+avahi-autoipd:x:170:
+cockpit-ws:x:989:
+dip:x:40:
+kube:x:988:
+rpcuser:x:29:
+nfsnobody:x:65534:
+sshd:x:74:
+tcpdump:x:72:
diff --git a/passwd b/passwd
new file mode 100644
index 0000000..2c5eef8
--- /dev/null
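Review bot: The two `ignore-removed-*` keys in the manifest hunk exempt `root` from the removed-account check with no recorded reason, even though the new `passwd` and `group` files both carry a `root` entry with ID 0. An exemption on the UID 0 account is the first thing a later reader will question, and the treefile is strict JSON, so the rationale cannot sit next to the keys. I would add a sentence to the commit message or the repository README, e.g. `root is exempted because it is expected to stay in /etc/passwd and /etc/group rather than in the /usr/lib copies`; that reason is my assumption and should be confirmed against rpm-ostree's behaviour. The hunk shows only part of the manifest object.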
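Review bot: No `docker` line appears in the new `group` file, although the manifest's `etc-group-members` (context line in the first hunk) names `docker` alongside `wheel`; the only Docker-related entry here is `dockerroot:x:993:`. If a package in the tree does create a `docker` group, its GID would be left to dynamic allocation and could differ between composes, and membership of that group normally grants control of the Docker daemon. Please confirm whether the group exists in a composed tree and, if it does, add `docker:x:<GID-from-existing-tree>:` to this file.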
+++ b/passwd
@@ -0,0 +1,30 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+systemd-timesync:x:999:998:systemd Time Synchronization:/:/sbin/nologin
+systemd-network:x:998:997:systemd Network Management:/:/sbin/nologin
+systemd-resolve:x:997:996:systemd Resolver:/:/sbin/nologin
+systemd-bus-proxy:x:996:995:systemd Bus Proxy:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+polkitd:x:995:994:User for polkitd:/:/sbin/nologin
+dockerroot:x:994:993:Docker User:/var/lib/docker:/sbin/nologin
+tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
+rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
+etcd:x:993:990:etcd user:/var/lib/etcd:/sbin/nologin
+avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
+cockpit-ws:x:992:989:User for cockpit-ws:/:/sbin/nologin
+kube:x:991:988:Kubernetes user:/:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+tcpdump:x:72:72::/:/sbin/nologin
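Review bot: Nothing in the commit says how this file is to be maintained, and the dynamically allocated entries are easy to get wrong by hand because their UID and GID differ (`systemd-timesync:x:999:998`, `etcd:x:993:990`, `kube:x:991:988`). Ownership of persistent data under the listed home directories, such as `/var/lib/etcd` and `/var/lib/docker`, follows these numbers, so a renumbered or reused ID would silently hand existing files to a different account after an upgrade. I would add a short README note: `Append new accounts with the IDs taken from a composed tree; never renumber or reuse an existing UID/GID.` The same applies to the `group` file added earlier in this patch.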