grml-live: strip xattrs in squashfs
Ignore all extended attributes from files in chroot when adding them to the
squashfs.

This avoids:

1) leaking containerization supplied selinux attributes into the squashfs,
which can be seen when building in podman, and in docker.

2) prevents unpacking errors in a later build-only step in containers not
supporting xattrs. Can also be seen in podman.
zeha committed Dec 10, 2024
1 parent c033554 commit ba18916
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions grml-live
Expand Up @@ -1514,6 +1514,11 @@ else
fi
fi

# Ignore all extended attributes. This avoids:
# 1) leaking containerization supplied selinux attributes into the squashfs,
# 2) prevents unpacking errors in a later build-only step in containers not supporting xattrs.
SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -no-xattrs"

# support exclusion of files via exclude-file:
if [ -n "$SQUASHFS_EXCLUDES_FILE" ] && [ "$SQUASHFS_EXCLUDES_FILE" ] ; then
SQUASHFS_OPTIONS="$SQUASHFS_OPTIONS -ef $SQUASHFS_EXCLUDES_FILE -wildcards"
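Review bot: The `-no-xattrs` appended to SQUASHFS_OPTIONS here is unconditional and drops every extended attribute, not only the container-supplied SELinux labels named in the comment. File capabilities (kept in the `security.capability` xattr) and POSIX ACLs set on files inside the chroot will therefore also be absent from the resulting squashfs, so a binary that relies on a file capability instead of setuid would lose it in the live image. Please note that trade-off in the comment, and consider guarding the option with a configuration variable so that builds which need those attributes preserved can opt out. Filtering only the `security.selinux` attribute would cover reason 1 but not reason 2, so the blanket option is understandable as the default.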
