-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dnf5 not raising error until the end when running with no privileges #849
Comments
Already reported in Fedora Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2217842. |
I believe that DNF4 lies. Checking for EUID is not a proper test because in the world of SELinux a nonsuperuser can have plenty of other ways to obtain required privileges. Especially when multi-level security is employed. DNF5 could temporarily acquire its lock before a transaction test. That would prevent users without a write access to a DNF database to continue in the operations which are supposed to modify the system (install, upgrade, remove, etc.). However, I believe that DNF5 should not deny users from performing a dependency resolution which happens before the transaction check. Querying DNF5 for action it would perform, in a sense of "dnf5 --assumeno ..." is a legitimate operation. |
We can only allow that if we will be able to allow cache sharing between users. If |
Related existing issue: #337. |
I would like to discuss various ways to accomplish this task. Here are some of my thoughts on the topic:
As we seem to have reached a consensus for the default DNF5 behavior to be strict, I prefer the check to be performed before command processing (and before metadata is downloaded). I also support @ppisar's suggestion of switching to the approach of acquiring the lock. |
How to check When to check Postponing of the check after metadata are downloaded might provide some user experience complains, because metadata might be re-downloaded also for the root user. How to notify the user |
Hm, it might not be that easy. It looks like sometimes
When you try to do similar thing using only
Btw, we already have an old RFE for this: https://bugzilla.redhat.com/show_bug.cgi?id=1878057 |
Would it be possible for DNF5 to print the detailed cause why the transaction faile?. I.e. to follow "Transaction failed: Rpm transaction failed." with "unpacking of archive failed on file /var/spool/mail: cpio: chown failed - Device or resource busy"? |
There is even not any lead in |
I am running into this(I think) when trying to populate a container built from scratch using buildah |
I get these |
Sorry for late reply, but more details about the |
Edit: I was able to fix this by simply removing the plugin Thanks, but now I'm hitting this from within my toolbx containers:
This looks possibly similar to this bug which can apparently be worked around using the P.S. I managed to upgrade DNF by copying the package download locations from
(since I noticed that anything from the official repos was failing, but I could upgrade packages from third party repos). I'm not sure why this only affects installing from the official fedora repos. |
Running
dnf upgrade foo
immediately stops with an error warning the user that the command needs to be executed in privileged mode (sudo or root).Running
dnf5 upgrade foo
instead performs all the tasks, downloads the update and then fails with apermission denied
.The text was updated successfully, but these errors were encountered: