[OE-core] [PATCH v2] shadow: enable support for subordinate IDs

bogdan.purcareata at freescale.com bogdan.purcareata at freescale.com
Mon Nov 3 13:09:29 UTC 2014


Hello,

Can someone kindly review my patch? I haven't sent patches to this list yet and I don't know who the maintainer is.

Please let me know if there's anything else I can do in order to have this fix merged.

Thank you,
Bogdan P.

> -----Original Message-----
> From: Bogdan Purcareata [mailto:bogdan.purcareata at freescale.com]
> Sent: Monday, October 27, 2014 5:52 PM
> To: openembedded-core at lists.openembedded.org
> Cc: Purcareata Bogdan-B43198
> Subject: [PATCH v2] shadow: enable support for subordinate IDs
> 
> The subordinate IDs support in pkg-shadow allows unprivileged users to manage a
> set of UIDs and GIDs. These subordinate IDs are specified by root, and can be
> further used by the unprivileged user they have been assigned to. This user can
> then create, e.g., a user namespace, where he is allowed to manage his own set of
> users and groups from the pool of subordinate IDs. More details can be found at
> http://lwn.net/Articles/533617/.
> 
> Pull a required change from upstream in order to make shadow cross-compile with
> subordinate IDs support. Enable flag in recipe.
> 
> Changes since v1:
> - update changelog
> 
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> ---
>  ..._of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch |   41
> ++++++++++++++++++++
>  meta/recipes-extended/shadow/shadow.inc            |    3 +-
>  2 files changed, 43 insertions(+), 1 deletion(-)
>  create mode 100644 meta/recipes-
> extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patc
> h
> 
> diff --git a/meta/recipes-
> extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patc
> h b/meta/recipes-
> extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patc
> h
> new file mode 100644
> index 0000000..185590c
> --- /dev/null
> +++ b/meta/recipes-
> extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patc
> h
> @@ -0,0 +1,41 @@
> +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
> +From: James Le Cuirot <chewi at aura-online.co.uk>
> +Date: Sat, 23 Aug 2014 09:46:39 +0100
> +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
> +
> +This built-in check is simpler than the previous method and, most
> +importantly, works when cross-compiling.
> +
> +Upstream-Status: Accepted
> +[https://github.com/shadow-
> maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f]
> +
> +Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> +---
> + configure.in | 14 ++++----------
> + 1 file changed, 4 insertions(+), 10 deletions(-)
> +
> +diff --git a/configure.in b/configure.in
> +index 1a3f841..4a4d6d0 100644
> +--- a/configure.in
> ++++ b/configure.in
> +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
> + 	dnl
> + 	dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
> + 	dnl
> +-	AC_RUN_IFELSE([AC_LANG_SOURCE([
> +-#include <sys/types.h>
> +-int main(void) {
> +-	uid_t u;
> +-	gid_t g;
> +-	return (sizeof u < 4) || (sizeof g < 4);
> +-}
> +-	])], [id32bit="yes"], [id32bit="no"])
> +-
> +-	if test "x$id32bit" = "xyes"; then
> ++	AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
> ++	AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
> ++
> ++	if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4;
> then
> + 		AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate
> IDs.])
> + 		enable_subids="yes"
> + 	else
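Review bot: The header of the imported patch file (the From/Subject/Upstream-Status block at the top of this hunk) carries only the upstream Signed-off-by from Serge Hallyn; add the sign-off of whoever imported it into OE-core below that line so the origin of the file in this tree is recorded. In the configure.in change itself, the new AC_CHECK_SIZEOF calls pass #include "sys/types.h" with quotes where the removed test program used <sys/types.h>; as this is a copy of the upstream commit it is reasonable to leave it untouched, but it is worth confirming that the gate `test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4` evaluates as expected for the target toolchains, because it decides whether ENABLE_SUBIDS is defined at all.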
> diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-
> extended/shadow/shadow.inc
> index b2a5f0e..9fada0d 100644
> --- a/meta/recipes-extended/shadow/shadow.inc
> +++ b/meta/recipes-extended/shadow/shadow.inc
> @@ -16,6 +16,7 @@ SRC_URI = "http://pkg-
> shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
>             file://fix-installation-failure-with-subids-disabled.patch \
>             file://0001-su.c-fix-to-exec-command-correctly.patch \
>             file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
> +           file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
>             ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '',
> d)} \
>             "
> 
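Review bot: The patch added to SRC_URI here changes configure.in rather than a generated configure script, so it only takes effect if the build regenerates configure before running it. Please confirm that the recipe does so; otherwise the old AC_RUN_IFELSE test is what still runs when cross-compiling, and the option enabled later in this diff would not behave as the commit message describes.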
> @@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \
>                   --without-libcrack \
>                   --without-selinux \
>                   --with-group-name-max-length=24 \
> -                 --enable-subordinate-ids=no \
> +                 --enable-subordinate-ids=yes \
>                   ${NSCDOPT}"
> 
>  NSCDOPT = ""
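Review bot: The switch from --enable-subordinate-ids=no to =yes in EXTRA_OECONF is unconditional, so everything built from shadow.inc gets the feature whether or not the image uses user namespaces. Because the commit message describes this as letting unprivileged users manage ranges of UIDs and GIDs, consider making it opt-in through a PACKAGECONFIG entry, the way pam is already handled with bb.utils.contains('PACKAGECONFIG', 'pam', ...) in SRC_URI, and state in the commit message which default was chosen and why.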
> --
> 1.7.10.4
