Commit graph

14 commits

Author SHA1 Message Date
Christopher Co bd35faa646
fix: add scriptlet to workaround rpm transaction limitation to update /media symlink to directory (#6950)
Prior to filesystem-1.1-16, /media used to be a symlink to /run/media but this was
replaced with a directory. The RPM upgrade operation generally worked when the /media
symlink is a dangling link, which is commonly the case, however not always the case.

And when the /media symlink is indeed properly pointing to a real /run/media, RPM has a
known limitation where it is not possible to replace an active symlink with a directory,
and thus the RPM transaction fails.

To work around this, a %pretrans scriptlet must run to test and remove the symlink
before RPM attempts to install the new directory.

https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement

Fixes: e2d3d55ce1 ("fix: make /media a directory")

Signed-off-by: Chris Co <chrco@microsoft.com>
2023-12-11 15:26:04 -08:00
Dan Streetman 070adde7a1 add /etc/host.conf with multi on
Fixes: #6925
2023-12-07 13:58:43 -05:00
Chris PeBenito 47ed0529c5
Add /opt/containerd/{bin,lib} to RPMs and cherry-pick fix for systemd-hostnamed default-hostname in SELinux. (#6311)
* filesystem: Restore /opt.

/opt is part of FHS. This fixes an issue on SELinux systems where
containerd will create /opt but we'd prefer not to allow this in
the policy.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>

* selinux-policy: systemd-hostnamed fix.

Cherry pick systemd-hostnamed fix for handling /run/systemd/default-hostname.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>

* containerd: Precreate /opt/containerd/{bin,lib}.

These are created by io.containerd.internal.v1.opt but it results in the
dirs having incorrect SELinux labels. Creating them in the package will
ensure correct labeling.

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>

---------

Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
2023-10-12 10:31:13 -04:00
Christopher Co e2d3d55ce1
fix: make /media a directory (#6378)
Currently, /media is a symlink to /run/media, however /run is a tmpfs so
the symlink does not persist across reboots.

Generally the symlink is not useful and having it present is fragile. So
instead change /media to a proper directory in accordance with the Linux
Filesystem Hierarchy standard.

Signed-off-by: Chris Co <chrco@microsoft.com>
2023-10-11 19:30:01 -07:00
Daniel McIlvaney 3ea38d825e
Fix bogus changelog times in toolchain packages (#5786) 2023-07-03 11:52:59 -07:00
Tobias Brick 4f65995359
revert: Remove umask handling from bash.spec and change it in filesystem.spec (#5767)
Change #5528 refactored how umask is set during profile load. However, this broke certain customers who had modified/replaced /etc/profile. This pull reverts those changes.
2023-06-30 19:48:11 -07:00
AZaugg fbdde829ab
Registering /usr/local/sbin within filesystem package (#5678)
The location /usr/local/sbin is part of FHS (Filesystem Hierarchy Standard);
adding this path to the package.
2023-06-14 09:34:06 -07:00
Tobias Brick 33106ca0ad
Remove umask handling from bash.spec and change it in filesystem.spec (#5528) 2023-05-22 18:07:12 -07:00
tgopinath-microsoft 270fb6f538
Create missing systemd accounts (#3775)
Presently, systemd-oom and systemd-coredump service accounts are not created during RPM install and are created on initial boot. Create these users and groups during installation like other generic systemd accounts.

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
2022-10-11 15:42:46 -07:00
Minghe Ren e519da0abd
Security changes to meet Azure security baseline (#3713)
* first commit of MarinerFedRamp2.0

* first commit for FedRAMP2.0

* patched all the asc cases in source code

* address Daniel's review comments for Mariner 2.0 FedRAMP

* move disabling ICMP redirect from source to packer

* Update SPECS/shadow-utils/shadow-utils.spec

Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>

* Update SPECS/fedramp/fedramp.spec

Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>

* address the comments in 2nd round reviews

* add asc.spec to replace fedramp.spec

* delete fedramp spec

* fix typo and remove changes for system-password

* update manifest file

* remove some unnecessary changes

* add empty line at end

* update to pass PR check

* address 1st round review comments

* update changelog for license

* address review comments

* remove ssh access

Co-authored-by: rmhsawyer <mingheren@gmail.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
2022-09-13 11:33:30 -07:00
Olivia Crain 64566e6c58
filesystem: Fix issues when upgrading in container (#3181) 2022-06-16 17:40:57 -07:00
brendank310 9e26fdd269
filesystem: add input handling for {forward,backward}-word (#3028)
Signed-off-by: Brendan Kerrigan <bkerrigan@microsoft.com>

Co-authored-by: Brendan Kerrigan <bkerrigan@microsoft.com>
2022-05-20 09:04:42 -07:00
Joe Schmitt 62103bd568
Improve spec file compatibility [2/2] (#163) 2020-10-07 13:22:31 -07:00
Jon Slobodzian b877013b27 Initial CBL-Mariner commit to GitHub 2020-08-06 20:17:52 -07:00