From eb37171735f2680d9d46a8ae258795e10ae2c7ff Mon Sep 17 00:00:00 2001
From: Chris Evich <cevich@redhat.com>
Date: Tue, 7 May 2024 12:19:34 -0400
Subject: [PATCH] Fix systemd config permissions

When the `Containerfile` `ADD` instruction runs against files from a git
repository, it's easily possible the permissions will be incorrect
inside the container.  Because systemd configuration and units are
rather important, update the setup script to ensure they're always set
correctly.

Signed-off-by: Chris Evich <cevich@redhat.com>
---
 root/setup.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/root/setup.sh b/root/setup.sh
index 70710e3..e50fed9 100644
--- a/root/setup.sh
+++ b/root/setup.sh
@@ -190,6 +190,15 @@ function finalize_ownership() {
   # and also to the `ADD` instruction in the `Containerfile`.
   chown -R runner:runner /home/runner
   chown -R podman:podman /home/podman
+
+  # Ensure correct permissions of system configuration files.
+  # Somehow these can be set incorrectly during Containerfile
+  # ADD instruction.
+  local path
+  for path in "/etc/systemd/system.conf.d" "/etc/systemd/system/user-.slice.d"; do
+    chown root:root ${path}/*
+    chmod 0644 ${path}/*
+  done
 }
 
 check_vars