FEDORA-2015-5f8e9e7d20 created by walters 5 years ago for Fedora 23
stable

Add ostree-tmp-chmod.service to fix /tmp permissions on existing installs.

How to install

sudo dnf upgrade --advisory=FEDORA-2015-5f8e9e7d20

This update has been submitted for testing by walters.

5 years ago
anonymous commented & provided feedback 5 years ago

Here are some reproducer instructions:

The patch takes effect during boot, so you do need to be using a real Atomic Host. Check permissions on /sysroot/tmp. It should be world-writable (01777).

Apply the update, but before rebooting change the /sysroot/tmp permission to 01755 (only root can write). After rebooting, verify the directory is once again world-writable (01777) and also verify that the "ostree-remount" systemd unit executed successfully during boot.
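
The manual checks from the reproducer above as a script; this is an added example, not part of the comment or of the ostree package. The function names and the --audit flag are made up for illustration; the property names passed to systemctl show are standard systemd ones.

```sh
#!/bin/sh
# Added example: audit the tmp directory mode and the remount unit result.

# check_tmp_dir PATH [UID]: succeed only if PATH resolves to a directory with
# mode exactly 1777 (world-writable + sticky) owned by UID (default 0, root).
check_tmp_dir() {
    # /tmp on Atomic Host is a symlink to sysroot/tmp, so resolve it first.
    ctd_real=$(readlink -f -- "$1") || ctd_real=
    if [ -z "$ctd_real" ] || [ ! -d "$ctd_real" ]; then
        echo "FAIL $1: does not resolve to a directory"; return 1
    fi
    ctd_mode=$(stat -c '%a' -- "$ctd_real")
    ctd_uid=$(stat -c '%u' -- "$ctd_real")
    if [ "$ctd_mode" != 1777 ]; then
        echo "FAIL $1: mode $ctd_mode on $ctd_real, expected 1777"; return 1
    fi
    if [ "$ctd_uid" != "${2:-0}" ]; then
        echo "FAIL $1: owner uid $ctd_uid, expected ${2:-0}"; return 1
    fi
    echo "OK   $1 -> $ctd_real (mode $ctd_mode, uid $ctd_uid)"
}

# unit_props_ok: read `systemctl show` KEY=VALUE lines on stdin and succeed
# only if the unit's main process actually ran and exited 0. A unit that never
# started also reports Result=success, hence the ExecMainCode check
# (1 = exited).
unit_props_ok() {
    upo_props=$(cat)
    for upo_want in Result=success ExecMainCode=1 ExecMainStatus=0; do
        printf '%s\n' "$upo_props" | grep -qx -- "$upo_want" || return 1
    done
}

# Full audit on a real host: run this file with --audit as its first argument.
if [ "${1:-}" = "--audit" ]; then
    rc=0
    check_tmp_dir /sysroot/tmp || rc=1
    check_tmp_dir /tmp || rc=1
    if systemctl show -p Result -p ExecMainCode -p ExecMainStatus \
            ostree-remount.service | unit_props_ok; then
        echo "OK   ostree-remount.service exited 0"
    else
        echo "FAIL ostree-remount.service did not run successfully"; rc=1
    fi
    exit "$rc"
fi
```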

anonymous commented & provided feedback 5 years ago

I wrote the patch but I've also tested it. Works for me.

BZ#1276775 [f23 - atomic] 755 perms on /tmp directory (symlink to /sysroot/tmp)

This update has been pushed to testing.

5 years ago

This update has been submitted for stable by bodhi.

5 years ago
dustymabe commented & provided feedback 5 years ago

I upgraded my host on the testing tree from 23.13 (d2094abdba) to 23.15 (135a8282ac). The upgrade included ostree 2015.9-2.fc23 -> 2015.9-3.fc23.

Before upgrade:

-bash-4.3# ls -ld /sysroot/tmp/
drwxr-xr-t. 7 root root 145 Nov 18 17:16 /sysroot/tmp/

After upgrade:

-bash-4.3# ls -ld /sysroot/tmp
drwxrwxrwt. 8 root root 234 Nov 18 17:18 /sysroot/tmp
-bash-4.3# atomic host status
  TIMESTAMP (UTC)         VERSION   ID             OSNAME            REFSPEC                                                        
* 2015-11-18 16:27:24     23.15     135a8282ac     fedora-atomic     fedora-atomic:fedora-atomic/f23/x86_64/testing/docker-host     
  2015-11-15 05:14:12     23.13     d2094abdba     fedora-atomic     fedora-atomic:fedora-atomic/f23/x86_64/testing/docker-host 

So this appears to work, but I don't see a new systemd unit. Doesn't really matter how it gets done as long as we get the right permissions on boot.

walters provided feedback 5 years ago

miabbott commented & provided feedback 5 years ago

Using a F23 Atomic Host, I rebased to a custom ostree compose that included the latest package.

I used the reproducer above to verify the changes and noted the permissions were correct:

-bash-4.3# stat /sysroot/tmp/
  File: ‘/sysroot/tmp/’
  Size: 145             Blocks: 0          IO Block: 4096   directory
Device: fd00h/64768d    Inode: 101         Links: 7
Access: (1777/drwxrwxrwt)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:tmp_t:s0
Access: 2015-11-18 16:24:11.636000000 +0000
Modify: 2015-11-18 19:32:10.337000000 +0000
Change: 2015-11-18 19:32:10.337000000 +0000
Birth: -
-bash-4.3# stat /tmp
  File: ‘/tmp’ -> ‘sysroot/tmp’
  Size: 11              Blocks: 0          IO Block: 4096   symbolic link
Device: fd00h/64768d    Inode: 5394866     Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:tmp_t:s0
Access: 2015-11-18 19:26:09.546000000 +0000
Modify: 2015-11-18 19:24:46.338000000 +0000
Change: 2015-11-18 19:24:46.339000000 +0000
 Birth: -

And the systemd unit file was fired off

# systemctl status ostree-remount.service
● ostree-remount.service - OSTree Remount OS/ bind mounts
   Loaded: loaded (/usr/lib/systemd/system/ostree-remount.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2015-11-18 19:26:09 UTC; 2min 23s ago
  Process: 571 ExecStart=/usr/sbin/ostree-remount (code=exited, status=0/SUCCESS)
 Main PID: 571 (code=exited, status=0/SUCCESS)

Nov 18 19:26:08 rhel-atomic-test-0.localdomain systemd[1]: Starting OSTree Remount OS/ bind mounts...
Nov 18 19:26:09 rhel-atomic-test-0.localdomain systemd[1]: Started OSTree Remount OS/ bind mounts.
jlebon commented & provided feedback 5 years ago

Also rebased on the 23.15 tree in updates-testing and verified the expected behaviour (correct permissions on /sysroot/tmp, and properly fired ostree-remount service).

This update has been pushed to stable.

5 years ago

Metadata
Type: bugfix
Karma: 3
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -1
Stable by Karma: 1
Stable by Time: disabled
Dates
submitted: 5 years ago
in testing: 5 years ago
in stable: 5 years ago