[oe-commits] Bogdan Purcareata : shadow: enable support for subordinate IDs

git at git.openembedded.org git at git.openembedded.org
Tue Nov 4 10:29:00 UTC 2014


Module: openembedded-core.git
Branch: master
Commit: 8548868c05e52700fd4712298b1705b8ec7ae446
URL:    http://git.openembedded.org/?p=openembedded-core.git&a=commit;h=8548868c05e52700fd4712298b1705b8ec7ae446

Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date:   Mon Oct 27 11:51:34 2014 -0400

shadow: enable support for subordinate IDs

The subordinate IDs support in pkg-shadow allows unprivileged users to manage a
set of UIDs and GIDs. These subordinate IDs are specified by root, and can be
further used by the unprivileged user they have been assigned to. This user can
then create e.g. a user namespace, where he is allowed to manage his own set of
users and groups from the pool of subordinate IDs. More details can be found at
http://lwn.net/Articles/533617/.

Pull a required change from upstream in order to make shadow cross-compile with
subordinate IDs support. Enable flag in recipe.

Changes since v1:
- update changelog

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>

---

 ..._of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch | 41 ++++++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc            |  3 +-
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
new file mode 100644
index 0000000..185590c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
@@ -0,0 +1,41 @@
+From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <chewi at aura-online.co.uk>
+Date: Sat, 23 Aug 2014 09:46:39 +0100
+Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
+
+This built-in check is simpler than the previous method and, most
+importantly, works when cross-compiling.
+
+Upstream-Status: Accepted
+[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f]
+
+Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
+---
+ configure.in | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 1a3f841..4a4d6d0 100644
+--- a/configure.in
++++ b/configure.in
+@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
+ 	dnl
+ 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
+ 	dnl
+-	AC_RUN_IFELSE([AC_LANG_SOURCE([
+-#include <sys/types.h>
+-int main(void) {
+-	uid_t u;
+-	gid_t g;
+-	return (sizeof u < 4) || (sizeof g < 4);
+-}
+-	])], [id32bit="yes"], [id32bit="no"])
+-
+-	if test "x$id32bit" = "xyes"; then
++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
++
++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
+ 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
+ 		enable_subids="yes"
+ 	else
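Review bot: the `else` branch that follows the new `test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4` condition is cut off here, so it is not visible what configure does when the size check fails inside the `"$enable_subids" != "no"` block. Since the recipe now requests the feature explicitly, please confirm that a failed check stops the build or at least warns loudly, rather than silently producing a shadow without subordinate ID support. Two smaller points in the same hunk: the retained `dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc` comment now sits directly above code that performs that check, and the includes are written `#include "sys/types.h"` where the removed test program used `<sys/types.h>`. Both come from the upstream commit, so they are better raised there than changed locally. The imported patch header also carries only Serge Hallyn's Signed-off-by; adding the importer's own sign-off next to the Upstream-Status line would record who brought it into the layer.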
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 6a769df..131e541 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
            file://fix-installation-failure-with-subids-disabled.patch \
            file://0001-su.c-fix-to-exec-command-correctly.patch \
            file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
+           file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
            ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
            "
 
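Review bot: the new SRC_URI entry `check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch` uses underscores, while the neighbouring entries use hyphen-separated names, two of them with the `0001-` prefix that git format-patch produces. Renaming the file to match would keep the list consistent. The entry is also added unconditionally in shadow.inc, so it applies to every recipe that includes this file; a short note in the commit message that this was build-tested for each of them would help.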
@@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \
                  --without-libcrack \
                  --without-selinux \
                  --with-group-name-max-length=24 \
-                 --enable-subordinate-ids=no \
+                 --enable-subordinate-ids=yes \
                  ${NSCDOPT}"
 
 NSCDOPT = ""
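Review bot: changing `--enable-subordinate-ids=no` to `--enable-subordinate-ids=yes` directly in EXTRA_OECONF turns the feature on for every image with no way to opt out short of a bbappend. The commit message describes this as letting unprivileged users manage a pool of UIDs and GIDs, which is a policy decision some distros will want to leave off. Consider gating it behind a PACKAGECONFIG option, the way `pam` is already handled through `bb.utils.contains('PACKAGECONFIG', 'pam', ...)` in SRC_URI, and state the chosen default in the commit message. The existing `fix-installation-failure-with-subids-disabled.patch` entry suggests the disabled configuration is meant to stay supported.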


