Updated scripts/create-base.sh (unprivilege tweaks).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 4 Jun 2024 12:16:06 +0000 (14:16 +0200)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Tue, 4 Jun 2024 12:16:06 +0000 (14:16 +0200)
scripts/create-base.sh

index 58736fe50124fc5019cc0818be50093f4f039256..ad4dbdbf2e4e0c89a0d8f0b17a3017cd9acadaee 100755 (executable)
@@ -318,6 +318,10 @@ postinstall()
 
 unprivilege()
 {
+    find $CONTAINER_BUILDROOT -perm -u+s >/tmp/us.$$
+    find $CONTAINER_BUILDROOT -perm -g+s >/tmp/gs.$$
+    find $CONTAINER_BUILDROOT -perm -o+t >/tmp/ot.$$
+
     PRIV_UID=0
     UNPRIV_UID=$(( $PRIV_UID + 100000 ))
     PRIV_UID_COUNT=$(find $CONTAINER_BUILDROOT -uid $PRIV_UID | wc -l)
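Review bot: The three capture files at the top of this hunk use predictable names (`/tmp/us.$$`, `/tmp/gs.$$`, `/tmp/ot.$$`) in a world-writable directory, and the second hunk later feeds their contents straight into `chmod u+s`/`g+s`/`o+t`; since this function goes on to chown the buildroot it presumably runs as root, so another local user who pre-creates those names (or symlinks at them) can redirect the listing or inject arbitrary paths into the bit-restoring loops. The lists are consumed inside the same function, so no file is needed at all: capture with `find … -print0` into arrays (bash 4+, assuming the script's shebang, which is outside the hunk, is bash) and restore from them, which also fixes the unquoted `$CONTAINER_BUILDROOT`/`$US_NODE` expansions and the `read` without `-r` in the second hunk. If a scratch file really is required, use `mktemp` with an EXIT trap instead of `rm --force` on the success path only, so an abort mid-function does not leave the lists behind. The `-o+t` pass is harmless but, as far as I know, unnecessary, since chown clears only the setuid/setgid bits and not the sticky bit.
```shell
unprivilege()
{
    # chown/chgrp clear setuid/setgid, so record where they are set first.
    # Kept in memory: no predictable /tmp names, NUL-safe paths.
    local -a suid_nodes sgid_nodes sticky_nodes
    mapfile -d '' -t suid_nodes   < <(find "$CONTAINER_BUILDROOT" -perm -u+s -print0)
    mapfile -d '' -t sgid_nodes   < <(find "$CONTAINER_BUILDROOT" -perm -g+s -print0)
    mapfile -d '' -t sticky_nodes < <(find "$CONTAINER_BUILDROOT" -perm -o+t -print0)

    # … unchanged: PRIV_UID / PRIV_GID remapping loops …

    # Guards keep an empty array from tripping set -u on older bash.
    (( ${#suid_nodes[@]} ))   && chmod u+s -- "${suid_nodes[@]}"
    (( ${#sgid_nodes[@]} ))   && chmod g+s -- "${sgid_nodes[@]}"
    (( ${#sticky_nodes[@]} )) && chmod o+t -- "${sticky_nodes[@]}"
}
```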
@@ -349,6 +353,20 @@ unprivilege()
         UNPRIV_GID=$(( $PRIV_GID + 100000 ))
         chgrp --no-dereference $UNPRIV_GID $PRIV_GID_FILE
     done
+
+    cat /tmp/us.$$ | while read US_NODE
+    do
+        chmod u+s $US_NODE
+    done
+    cat /tmp/gs.$$ | while read GS_NODE
+    do
+        chmod g+s $GS_NODE
+    done
+    cat /tmp/ot.$$ | while read OT_NODE
+    do
+        chmod o+t $OT_NODE
+    done
+    rm --force /tmp/us.$$ /tmp/gs.$$ /tmp/ot.$$
 }
 
 set_variables $1