(vera4) Remove setuid/setgid bits
This commit is contained in:
parent
56d906c633
commit
d202ad9e64
2 changed files with 8 additions and 0 deletions
|
|
@ -20,5 +20,9 @@ RUN dnf5 -y remove firefox firefox-langpacks
|
||||||
# Remove unneeded packages (currently doesn't actually reduce space, but reduces clutter)
|
# Remove unneeded packages (currently doesn't actually reduce space, but reduces clutter)
|
||||||
RUN dnf5 -y autoremove
|
RUN dnf5 -y autoremove
|
||||||
|
|
||||||
|
# Remove setuid/setgid binaries
|
||||||
|
# Except for polkit-agent-helper-1, it's currently required for interactive authentication with polkit.
|
||||||
|
RUN find /usr -mindepth 1 -type f -perm /6000 -regextype posix-extended -not -regex '/usr/lib/polkit-1/polkit-agent-helper-1' -exec sh -c 'chmod ug-s '{}' && echo "Removed setuid/setgid bit(s) from {}"' \;
|
||||||
|
|
||||||
# https://github.com/ostreedev/ostree-rs-ext/issues/159
|
# https://github.com/ostreedev/ostree-rs-ext/issues/159
|
||||||
RUN ostree container commit
|
RUN ostree container commit
|
||||||
|
|
|
||||||
|
|
@ -20,5 +20,9 @@ RUN dnf5 -y remove firefox firefox-langpacks
|
||||||
# Remove unneeded packages (currently doesn't actually reduce space, but reduces clutter)
|
# Remove unneeded packages (currently doesn't actually reduce space, but reduces clutter)
|
||||||
RUN dnf5 -y autoremove
|
RUN dnf5 -y autoremove
|
||||||
|
|
||||||
|
# Remove setuid/setgid binaries
|
||||||
|
# Except for polkit-agent-helper-1, it's currently required for interactive authentication with polkit.
|
||||||
|
RUN find /usr -mindepth 1 -type f -perm /6000 -regextype posix-extended -not -regex '/usr/lib/polkit-1/polkit-agent-helper-1' -exec sh -c 'chmod ug-s '{}' && echo "Removed setuid/setgid bit(s) from {}"' \;
|
||||||
|
|
||||||
# https://github.com/ostreedev/ostree-rs-ext/issues/159
|
# https://github.com/ostreedev/ostree-rs-ext/issues/159
|
||||||
RUN ostree container commit
|
RUN ostree container commit
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue