[Git-commits] [grml/grml-live] 56b8b7: grml-live: strip xattrs in squashfs
Chris Hofstaedtler
noreply at github.com
Tue Dec 10 17:52:27 CET 2024
Branch: refs/heads/zeha/strip-xattrs
Home: https://github.com/grml/grml-live
Commit: 56b8b77887314275f4e34cac3910aef7eefef261
https://github.com/grml/grml-live/commit/56b8b77887314275f4e34cac3910aef7eefef261
Author: Chris Hofstaedtler <ch at grml.org>
Date: 2024-12-10 (Tue, 10 Dec 2024)
Changed paths:
M grml-live
Log Message:
-----------
grml-live: strip xattrs in squashfs
Ignore all extended attributes from files in chroot when adding them to the
squashfs.
This avoids:
1) leaking containerization supplied selinux attributes into the squashfs,
which can be seen when building in podman, and in docker.
2) prevents unpacking errors in a later build-only step in containers not
supporting xattrs. Can also be seen in podman.
On a normal machine and also on a normal (booted) Grml system, the only things
having xattrs are:
file: var/log/journal
system.posix_acl_access
system.posix_acl_default
file: var/log/journal/1e77092b16004314a93d779757d513ac
system.posix_acl_access
system.posix_acl_default
Both of these are apparently applied by systemd/journald during boot, even if
the filesystem does not have them.
To unsubscribe from these emails, change your notification settings at https://github.com/grml/grml-live/settings/notifications
More information about the Git-commits
mailing list