From 17010a2854ab67097b7f4e02cf7ad7c4fc56df58 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 May 2024 13:17:25 +0200 Subject: [PATCH 1/2] Fix invoked_as_root initialization --- mkosi/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mkosi/user.py b/mkosi/user.py index 2d2dbfec9..823af4fc0 100644 --- a/mkosi/user.py +++ b/mkosi/user.py @@ -20,7 +20,7 @@ class INVOKING_USER: uid = int(os.getenv("SUDO_UID") or os.getenv("PKEXEC_UID") or os.getuid()) gid = int(os.getenv("SUDO_GID") or os.getgid()) - invoked_as_root = uid == 0 + invoked_as_root = os.getuid() == 0 @classmethod def init(cls) -> None: From fe0f468fb18fb18b10aba4e47d1dfeedfca58218 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 29 May 2024 14:03:08 +0200 Subject: [PATCH 2/2] Relax permissions on systemd-journal-remote configuration Let's make sure the systemd-journal-remote process we start can always read the configuration, even if it's running as a less privileged user. --- mkosi/qemu.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mkosi/qemu.py b/mkosi/qemu.py index 62a5ff549..333ead55c 100644 --- a/mkosi/qemu.py +++ b/mkosi/qemu.py @@ -450,6 +450,8 @@ def start_journal_remote(config: Config, sockfd: int) -> Iterator[None]: INVOKING_USER.chown(d) with tempfile.NamedTemporaryFile(mode="w", prefix="mkosi-journal-remote-config-") as f: + os.chmod(f.name, 0o644) + # Make sure we capture all the logs by bumping the limits. We set MaxFileSize=4G because with the compact mode # enabled the files cannot grow any larger anyway. f.write(