From 82cf71c5a159224cf5e1bdaa3d16d33e0566e080 Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Tue, 9 Nov 2021 13:43:33 +0100
Subject: [PATCH] distro/rhel90: make nginx log and lib directories world
 writable

Previously, we only needed the log directory to be writeable.
In newer versions of nginx, it also needs to create directories in
/var/lib/nginx, so we make that directory writeable and traversable as
well.
---
 internal/distro/rhel90/pipelines.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/internal/distro/rhel90/pipelines.go b/internal/distro/rhel90/pipelines.go
index 6c45eb2e3..f2e8961fb 100644
--- a/internal/distro/rhel90/pipelines.go
+++ b/internal/distro/rhel90/pipelines.go
@@ -1017,9 +1017,10 @@ func containerTreePipeline(repos []rpmmd.RepoConfig, packages []rpmmd.PackageSpe
 		ostreePullStageInputs("org.osbuild.pipeline", "name:ostree-commit", options.OSTree.Ref),
 	))
 
-	// make nginx log directory world writeable, otherwise nginx can't start in
+	// make nginx log and lib directories world writeable, otherwise nginx can't start in
 	// an unprivileged container
-	p.AddStage(osbuild.NewChmodStage(chmodStageOptions("/var/log/nginx", "o+w", true)))
+	p.AddStage(osbuild.NewChmodStage(chmodStageOptions("/var/log/nginx", "a+rwX", true)))
+	p.AddStage(osbuild.NewChmodStage(chmodStageOptions("/var/lib/nginx", "a+rwX", true)))
 
 	p.AddStage(osbuild.NewNginxConfigStage(nginxConfigStageOptions(nginxConfigPath, htmlRoot, listenPort)))
 	return p