Drop the need for --privileged for all subcommands except build#361
Merged
lzap merged 3 commits intoosbuild:mainfrom Nov 5, 2025
Merged
Drop the need for --privileged for all subcommands except build#361lzap merged 3 commits intoosbuild:mainfrom
build#361lzap merged 3 commits intoosbuild:mainfrom
Conversation
Instead, use the one we share with bib.
Prior this commit, we prepared the environment in the main function. This meant that image-builder needed a lot of privileges even for operations like describe. However, the environment changes are only needed for running osbuild, thus it makes sense to run it only for the build command.
thozza
reviewed
Nov 5, 2025
Member
thozza
left a comment
There was a problem hiding this comment.
The gist of the change LGTM, however, tests are failing
With the new entrypoint handling in the Go code (see previous commits), we now run chcon there (because we run the tests in a container, so the entrypoint code gets triggered). In order to do that, we need more privileges, so this commit adds --privileged to the test suite.
e6b08ed to
9320857
Compare
Contributor
|
The PR title does not match, or I am not getting it. One of these :-) |
Member
|
I don't really grok it either; I understand the code but the commit messages are a bit confusing. I can run I'll assume this is only applicable for running inside a container (since that's what the code does) and that the commit/title could make it a bit more clear. |
supakeen
approved these changes
Nov 5, 2025
lzap
approved these changes
Nov 5, 2025
Contributor
lzap
left a comment
There was a problem hiding this comment.
I mean, commit messages do appear to be fine we can edit PR title later if needed. Code looks good.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
main: drop the bash entrypoint
Instead, use the one we share with bib.
main: prepare osbuild env only for the build subcommand
Prior this commit, we prepared the environment in the main function.
This meant that image-builder needed a lot of privileges even for
operations like describe. However, the environment changes are only
needed for running osbuild, thus it makes sense to run it only for
the build command.
Fixes #103