From: Arseny Maslennikov <arseny@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Subject: [devel] I: nobody-owned files in packages
Date: Thu, 29 Feb 2024 11:42:28 +0300
Message-ID: <ZeBDdEUM8CqqWddt@cello> (raw)
In-Reply-To: <ZZvF7T9Pz-FlTX2A@cello>
[-- Attachment #1: Type: text/plain, Size: 1391 bytes --]
On Mon, Jan 08, 2024 at 12:52:45PM +0300, Arseny Maslennikov wrote:
> https://packages.altlinux.org/tasks/330460
В ближайшее время задание уйдёт в сизиф.
> #740 setup 2.2.19-alt1 -> 2.2.20-alt1
> Tue Nov 07 2023 Arseny Maslennikov <arseny@altlinux> 2.2.20-alt1
> - Install the default overflowuid defined by Linux (incl. our kernels) as the
> nobody user and group. The user and group 99 are installed as _nobody99.
> #1000 filesystem 2.3.18-alt1 -> 2.3.19-alt1
> Thu Nov 16 2023 Arseny Maslennikov <arseny@altlinux> 2.3.19-alt1
> - Removed /var/nobody altogether.
> #1140 basesystem 1:sisyphus-alt23 -> 1:sisyphus-alt25
> Sun Dec 10 2023 Arseny Maslennikov <arseny@altlinux> 1:sisyphus-alt25
> - Split interactivesystem away from basesystem.
> Sat Dec 09 2023 Arseny Maslennikov <arseny@altlinux> 1:sisyphus-alt24
> - Added a facility to upgrade default passwd entries, hopefully temporary.
Обращаю особое внимание на следующее правило:
> #1600 sisyphus_check 0.8.68-alt2 -> 0.8.69-alt1
> Tue Nov 14 2023 Arseny Maslennikov <arseny@altlinux> 0.8.69-alt1
> - Disallowed file objects whose owner or group is nobody.
sisyphus-check будет зарубать пакеты, где что-либо упаковано как:
%attr(*, nobody, *)
или
%attr(*, *, nobody)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2024-02-29 8:42 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-19 18:13 [devel] NobodySubjectPolicy implementation arseny
2024-01-08 9:29 ` Arseny Maslennikov
2024-01-08 9:52 ` [devel] [#330460] TESTED (try 16) Arseny Maslennikov
2024-02-29 8:42 ` Arseny Maslennikov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZeBDdEUM8CqqWddt@cello \
--to=arseny@altlinux.org \
--cc=devel@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Team development discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel/0 devel/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel devel/ http://lore.altlinux.org/devel \
devel@altlinux.org devel@altlinux.ru devel@lists.altlinux.org devel@lists.altlinux.ru devel@linux.iplabs.ru mandrake-russian@linuxteam.iplabs.ru sisyphus@linuxteam.iplabs.ru
public-inbox-index devel
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git