tmpfiles: Create `/run/ostree`

This is referenced by 9645cee4f2/lib/src/globals.rs (L16) specifically used for the (container image) pull secret in `/run/ostree/auth.json`. Let's pre-create the directory so users don't have to. Motivated by https://github.com/openshift/machine-config-operator/pull/3007#discussion_r824172564
2022-03-10 16:46:53 -05:00 · 2022-03-10 16:46:53 -05:00 · 0d020a7145
parent 0d6e66b57a
commit 0d020a7145
2 changed files with 15 additions and 0 deletions
--- a/src/boot/ostree-tmpfiles.conf
+++ b/src/boot/ostree-tmpfiles.conf
@ -13,5 +13,7 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library. If not, see <https://www.gnu.org/licenses/>.

+# ostree runtime configuration
+d /run/ostree 0755 root root -
 # https://github.com/ostreedev/ostree/issues/393
 R! /var/tmp/ostree-unlock-ovl.*
--- a/tests/inst/src/sysroot.rs
+++ b/tests/inst/src/sysroot.rs
@ -1,5 +1,8 @@
 //! Tests that mostly use the API and access the booted sysroot read-only.

+use std::os::unix::prelude::PermissionsExt;
+use std::path::Path;
+
 use anyhow::Result;
 use ostree_ext::prelude::*;
 use ostree_ext::{gio, ostree};
@ -45,3 +48,13 @@ fn test_immutable_bit() -> Result<()> {
    cmd_has_output(sh_inline::bash_command!("lsattr -d /").unwrap(), "-i-")?;
    Ok(())
 }
+
+#[itest]
+fn test_tmpfiles() -> Result<()> {
+    if skip_non_ostree_host() {
+        return Ok(());
+    }
+    let metadata = Path::new("/run/ostree").metadata()?;
+    assert_eq!(metadata.permissions().mode() & !nix::libc::S_IFMT, 0o755);
+    Ok(())
+}