[OE-core] [PATCH] shadow: enable support for subordinate IDs
Bogdan Purcareata
bogdan.purcareata at freescale.com
Thu Oct 23 18:26:03 UTC 2014
Subordinate IDs support is required in order to enable creation of unprivileged
containers. Pull a required change from upstream in order to make shadow
cross-compile with subordinate IDs support. Enable flag in recipe.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
---
..._of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch | 41 ++++++++++++++++++++
meta/recipes-extended/shadow/shadow.inc | 3 +-
2 files changed, 43 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
new file mode 100644
index 0000000..185590c
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
@@ -0,0 +1,41 @@
+From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
+From: James Le Cuirot <chewi at aura-online.co.uk>
+Date: Sat, 23 Aug 2014 09:46:39 +0100
+Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
+
+This built-in check is simpler than the previous method and, most
+importantly, works when cross-compiling.
+
+Upstream-Status: Accepted
+[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f]
+
+Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
+---
+ configure.in | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index 1a3f841..4a4d6d0 100644
+--- a/configure.in
++++ b/configure.in
+@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
+ dnl
+ dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
+ dnl
+- AC_RUN_IFELSE([AC_LANG_SOURCE([
+-#include <sys/types.h>
+-int main(void) {
+- uid_t u;
+- gid_t g;
+- return (sizeof u < 4) || (sizeof g < 4);
+-}
+- ])], [id32bit="yes"], [id32bit="no"])
+-
+- if test "x$id32bit" = "xyes"; then
++ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
++ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
++
++ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
+ AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
+ enable_subids="yes"
+ else
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index b2a5f0e..9fada0d 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
file://fix-installation-failure-with-subids-disabled.patch \
file://0001-su.c-fix-to-exec-command-correctly.patch \
file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
+ file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
"
@@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \
--without-libcrack \
--without-selinux \
--with-group-name-max-length=24 \
- --enable-subordinate-ids=no \
+ --enable-subordinate-ids=yes \
${NSCDOPT}"
NSCDOPT = ""
--
1.7.10.4
More information about the Openembedded-core
mailing list