From 0d020a7145da488d4939975860569a5d8841aaab Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Thu, 10 Mar 2022 16:46:53 -0500 Subject: [PATCH] tmpfiles: Create `/run/ostree` This is referenced by https://github.com/ostreedev/ostree-rs-ext/blob/9645cee4f29786ba51ae9d62a52eeef9230146fd/lib/src/globals.rs#L16 specifically used for the (container image) pull secret in `/run/ostree/auth.json`. Let's pre-create the directory so users don't have to. Motivated by https://github.com/openshift/machine-config-operator/pull/3007#discussion_r824172564 --- src/boot/ostree-tmpfiles.conf | 2 ++ tests/inst/src/sysroot.rs | 13 +++++++++++++ 2 files changed, 15 insertions(+) diff --git a/src/boot/ostree-tmpfiles.conf b/src/boot/ostree-tmpfiles.conf index 4cbba0bd..69c2d3f3 100644 --- a/src/boot/ostree-tmpfiles.conf +++ b/src/boot/ostree-tmpfiles.conf @@ -13,5 +13,7 @@ # You should have received a copy of the GNU Lesser General Public # License along with this library. If not, see . +# ostree runtime configuration +d /run/ostree 0755 root root - # https://github.com/ostreedev/ostree/issues/393 R! /var/tmp/ostree-unlock-ovl.* diff --git a/tests/inst/src/sysroot.rs b/tests/inst/src/sysroot.rs index 301ef8b3..b10dbcd4 100644 --- a/tests/inst/src/sysroot.rs +++ b/tests/inst/src/sysroot.rs @@ -1,5 +1,8 @@ //! Tests that mostly use the API and access the booted sysroot read-only. +use std::os::unix::prelude::PermissionsExt; +use std::path::Path; + use anyhow::Result; use ostree_ext::prelude::*; use ostree_ext::{gio, ostree}; @@ -45,3 +48,13 @@ fn test_immutable_bit() -> Result<()> { cmd_has_output(sh_inline::bash_command!("lsattr -d /").unwrap(), "-i-")?; Ok(()) } + +#[itest] +fn test_tmpfiles() -> Result<()> { + if skip_non_ostree_host() { + return Ok(()); + } + let metadata = Path::new("/run/ostree").metadata()?; + assert_eq!(metadata.permissions().mode() & !nix::libc::S_IFMT, 0o755); + Ok(()) +}