cmd/initContainer: Avoid RPM failures due to unexpected file owners

When running rootless, files and directories bind mounted from the host operating system can have their ownership listed as nobody:nobody. This is because the UIDs and GIDs that actually own those locations are not available inside the container. Some distribution packages are particular about the file ownerships of some of these locations. eg., Fedora's filesystem RPM. Encountering nobody:nobody as the owner can fail package management transactions involving such packages leading to unforeseen consequences. Therefore, configure RPM to leave these locations alone. #640
containers · Dec 2, 2020 · 4bca04f · 4bca04f
1 parent 0af82ab
commit 4bca04f
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go
@@ -252,6 +252,23 @@ func initContainer(cmd *cobra.Command, args []string) error {
 		}
 	}
 
+	if utils.PathExists("/usr/lib/rpm") {
+		logrus.Debug("Configuring RPM to ignore bind mounts")
+
+		rpmConfigString := `# Written by Toolbox
+# https://github.com/containers/toolbox
+
+%_netsharedpath /dev:/media:/proc:/sys:/tmp:/var/lib/flatpak
+`
+
+		rpmConfigBytes := []byte(rpmConfigString)
+		if err := ioutil.WriteFile("/usr/lib/rpm/toolbox",
+			rpmConfigBytes,
+			0644); err != nil {
+			return fmt.Errorf("failed to configure RPM to ignore bind mounts: %w", err)
+		}
+	}
+
 	logrus.Debug("Setting up daily ticker")
 
 	daily, err := time.ParseDuration("24h")