Skip to content

Commit

Permalink
fix: unconfined qfile-unpacker
Browse files Browse the repository at this point in the history
Upstream-commit: 0648b2329f0d142a2e24ecf376b28603fb04abb4
  • Loading branch information
ben-grande committed Jan 3, 2024
1 parent ddb2775 commit 5a93e9e
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 4 deletions.
3 changes: 2 additions & 1 deletion salt/qubes-builder/files/admin/policy/default.policy
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# SPDX-FileCopyrightText: 2023 The Qubes OS Project <https://www.qubes-os.org>
# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-License-Identifier: GPL-2.0-only

## Do not modify this file, create a new policy with with a lower number in the
## file name instead. For example `30-user.policy`.
Expand Down
13 changes: 10 additions & 3 deletions salt/qubes-builder/files/server/rpc/qubesbuilder.FileCopyIn
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/usr/bin/bash
#!/usr/bin/sh

# SPDX-FileCopyrightText: 2022 - 2023 The Qubes OS Project <https://www.qubes-os.org>
#
Expand All @@ -7,5 +7,12 @@
set -e

sudo bash -c "mkdir -p /builder/incoming && chown -R user:user /builder"
id="$(id -u user)"
exec /usr/lib/qubes/qfile-unpacker "${id}" "/builder/incoming"

id=$(id -u user)

if test -x /usr/lib/qubes/qfile-unpacker; then
# shellcheck disable=SC2123
PATH="${PATH+"$PATH:"}/usr/lib/qubes"
fi

exec qfile-unpacker "$id" "/builder/incoming"

0 comments on commit 5a93e9e

Please sign in to comment.