From 7494ad1d18dcc620f8ea1f894fe669b205f4d04e Mon Sep 17 00:00:00 2001
From: yeti
Date: Thu, 17 Apr 2025 22:55:40 +0100
Subject: [PATCH] chore: remove setfacl hardening not working as expected
---
 build-workspace.sh | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/build-workspace.sh b/build-workspace.sh
index d9747b0..bfcdffd 100755
--- a/build-workspace.sh
+++ b/build-workspace.sh
@@ -35,6 +35,8 @@ buildah copy "$ctr" ssh $SECURE/ssh
 # zsh and tmux config (immutable)
 buildah run "$ctr" -- chown -R $DEV_USER:$DEV_USER $DEV_HOME
 buildah run --user $DEV_USER "$ctr" -- nvim --headless "+Lazy! sync" +qa
+buildah run --user $DEV_USER "$ctr" -- nvim --headless "+Lazy! sync" +qa
+buildah run --user $DEV_USER "$ctr" -- nvim --headless "+Lazy! sync" +qa
 # lock the files
 buildah run "$ctr" -- bash -c "\
@@ -49,17 +51,6 @@ buildah run "$ctr" -- bash -c "\
 $DEV_HOME/.config/tmux/tmux.conf \
 $DEV_HOME/.config/tmux/tmux.conf.local \
 $DEV_HOME/.config/zsh/fzf-git.sh && \
- setfacl -m u:devuser:--x $DEV_HOME/start.sh \
- $DEV_HOME/.config/lazygit/config.yml \
- $DEV_HOME/.config/nvim/lua/config/lazy.lua \
- $DEV_HOME/.config/nvim/lazyvim.json \
- $DEV_HOME/.config/nvim/lazy-lock.json \
- $DEV_HOME/.config/nvim/init.lua \
- $DEV_HOME/.config/nvim/README.md \
- $DEV_HOME/.config/nvim/LICENSE \
- $DEV_HOME/.config/tmux/tmux.conf \
- $DEV_HOME/.config/tmux/tmux.conf.local \
- $DEV_HOME/.config/zsh/fzf-git.sh && \
 chown root:secproc $DEV_HOME/start.sh \
 $DEV_HOME/.config/lazygit/config.yml \
 $DEV_HOME/.config/nvim/lua/config/lazy.lua \
@@ -72,7 +63,6 @@ buildah run "$ctr" -- bash -c "\
 $DEV_HOME/.config/tmux/tmux.conf.local \
 $DEV_HOME/.config/zsh/fzf-git.sh && \
 chmod -R 750 $DEV_HOME/.config/zsh/ohmyzsh && \
- setfacl -R -m u:devuser:--x $DEV_HOME/.config/zsh/ohmyzsh && \
 chown -R root:secproc $DEV_HOME/.config/zsh/ohmyzsh "
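Review bot: The two added `nvim --headless "+Lazy! sync" +qa` lines in the first hunk repeat the line above them with no comment saying why, and the commit subject (setfacl removal) does not cover them. If the repeats work around a headless pass that exits before every plugin is installed, which is only a guess from here, say so above them, e.g. `# sync is repeated: one headless pass may exit before all plugins are installed`. Each pass also runs lazy.nvim's update step, so the image bakes in whatever the plugin repositories serve at build time and lazy-lock.json is rewritten just before the lock step makes it root-owned. Using `"+Lazy! restore"` instead would install the commits pinned in lazy-lock.json and keep the build reproducible.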