Age | Commit message (Collapse) | Author |
|
|
|
|
|
When decompression fails, we should raise a tarfile.ReadError rather
than a zstandard.ZstdError. Otherwise, tarfile gives up guessing.
|
|
|
|
* Drop supplementary groups. Very likely, those are not mapped inside
and they cannot cause much good.
* Sane permission for the root directory. Otherwise no non-root user
can access any files.
|
|
|
|
When TMPDIR has restrictive permissions, the namespace may be unable to
access the leading components. Thus we put the supervisor process
handling the cleanup into a different namespace that has all the ids
plus the current uid mapped. It'll then be able to perform the cleanup
(and the initial chown).
|
|
|
|
* Add execute bit
* Consume first positional argument
|
|
When using sys.exit, we actually raise a SystemExit exception and as a
consequence exit all context managers. If a particular context manager
pertains only the process at hand, we don't really care, because our
process is supposed to vanish. If a context manager changes external
state such as tempfile.NamedTemporaryFile, this is very bad and
unexpected. We need to ensure that such cleanup is not performed.
This also simplifies the test suite that had to emulate this behaviour
already as pytest uses a context manager.
|
|
|
|
Most frequently, the root user is allocated.
|
|
|
|
|
|
|
|
|
|
|