From 2a9bbec1966323d6934a4beef2eed830ee86c52f Mon Sep 17 00:00:00 2001 From: Richard Maw Date: Tue, 19 Mar 2024 18:02:33 +0000 Subject: [PATCH] Relax mkdir/rchown subpath of home check to owns a parent dir "the user owns a parent directory" is a lot less strict than being under the home directory, but allows using shared directories that are not mounted under home, and at least requires some explicit config to create the directory before it can be used rather than just being any directory the user is able to create. --- mkosi/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkosi/user.py b/mkosi/user.py index 3ed1511f02..095b4dccbd 100644 --- a/mkosi/user.py +++ b/mkosi/user.py @@ -64,7 +64,7 @@ def cache_dir(cls) -> Path: @classmethod def mkdir(cls, path: Path) -> Path: - cond = not cls.invoked_as_root or (cls.is_regular_user() and path.is_relative_to(cls.home())) + cond = not cls.invoked_as_root or (cls.is_regular_user() and any(p.stat().st_uid == cls.uid for p in path.parents)) run( ["mkdir", "--parents", path], user=cls.uid if cond else os.getuid(), @@ -75,7 +75,7 @@ def mkdir(cls, path: Path) -> Path: @classmethod def rchown(cls, path: Path) -> None: - if cls.is_regular_user() and path.is_relative_to(INVOKING_USER.home()) and path.exists(): + if cls.is_regular_user() and any(p.stat().st_uid == cls.uid for p in path.parents) and path.exists(): run(["chown", "--recursive", f"{INVOKING_USER.uid}:{INVOKING_USER.gid}", path])