Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use system temporary directory when running as non-root #267

Merged
merged 1 commit into from
Jul 24, 2024
Merged

fix: use system temporary directory when running as non-root #267

merged 1 commit into from
Jul 24, 2024

Conversation

ptoscano
Copy link
Contributor

The temporary directory chosen to work properly with SELinux is /var/lib/insights, which can be accessed only by root.

insights-client is basically not usable as non-root, and it will fail with Insights client must be run as root.. The only exception here is insights-client --version, which is run only in the client without loading the core; the exception is that the client will still verify the available eggs using GPG by default.

Hence, use the default temporary directory when running as non-root: this way the available
eggs can be validated, and the client will either

  • print the version and exit
  • keep exiting saying root is required

Followup of commit dd6293d.

@ptoscano
fix: use system temporary directory when running as non-root
da95ead 
The temporary directory chosen to work properly with SELinux is
/var/lib/insights, which can be accessed only by root.

insights-client is basically not usable as non-root, and it will fail
with "Insights client must be run as root.". The only exception here is
"insights-client --version", which is run only in the client without
loading the core; the exception is that the client will still verify the
available eggs using GPG by default.

Hence, use the default temporary directory when running as non-root:
this way the available eggs can be validated, and the client will either
- print the version and exit
- keep exiting saying root is required

Followup of commit dd6293d.
m-horky
m-horky approved these changes Jul 24, 2024
View reviewed changes
Copy link
Contributor

@m-horky m-horky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

The downstream test is failing on unrelated integration-tests/test_client_options.py::test_check_show_results because the Advisor rule likely changed.

@m-horky m-horky merged commit a797d3e into RedHatInsights:master Jul 24, 2024
20 of 21 checks passed
@ptoscano ptoscano deleted the gpg-nonroot-tempdir branch July 24, 2024 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m-horky m-horky m-horky approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ptoscano @m-horky