Skip to content

Switch RPM probes from PROBE_OFFLINE_CHROOT to PROBE_OFFLINE_OWN#2315

Open
0intro wants to merge 1 commit intoOpenSCAP:mainfrom
0intro:djc/rpm-offline-own
Open

Switch RPM probes from PROBE_OFFLINE_CHROOT to PROBE_OFFLINE_OWN#2315
0intro wants to merge 1 commit intoOpenSCAP:mainfrom
0intro:djc/rpm-offline-own

Conversation

@0intro
Copy link
Contributor

@0intro 0intro commented Feb 18, 2026

The rpminfo, rpmverifyfile, and rpmverify probes declared PROBE_OFFLINE_CHROOT mode, causing the probe framework to call chroot which requires root privileges. All three probes already had PROBE_OFFLINE_OWN handler code using rpmtsSetRootDir to point librpm at the sysroot's RPM database without chroot.

Switch the offline mode to PROBE_OFFLINE_OWN so oscap-chroot scans work as an unprivileged user. Update the offline test scripts to use set_offline_chroot_dir directly, removing the chroot capability requirement.

The rpminfo, rpmverifyfile, and rpmverify probes declared
PROBE_OFFLINE_CHROOT mode, causing the probe framework to call
chroot which requires root privileges. All three probes already
had PROBE_OFFLINE_OWN handler code using rpmtsSetRootDir to
point librpm at the sysroot's RPM database without chroot.

Switch the offline mode to PROBE_OFFLINE_OWN so oscap-chroot scans
work as an unprivileged user. Update the offline test scripts to
use set_offline_chroot_dir directly, removing the chroot capability
requirement.
@sonarqubecloud
Copy link

Copy link
Member

@Mab879 Mab879 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like we need to update tests/probes/rpm/rpmverifypackage/test_probes_rpmverifypackage_offline.sh as well to use rpm_prepare_offline_own as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments