[OE-core] [PATCH] shadow: 'useradd' copies root's extended attributes
Patrick Ohly
patrick.ohly at intel.com
Thu Mar 9 16:07:54 UTC 2017
On Thu, 2017-03-09 at 15:07 +0100, jobol at nonadev.net wrote:
> From: José Bollo <jose.bollo at iot.bzh>
>
> The copy of extended attributes is interesting for
> Smack systems because it allows to set the security
> template of the user's home directories without
> modifying the tools (useradd here). But the version
> of useradd that copies the extended attributes doesn't
> copy the extended attributes of the root. This can make
> use of homes impossible! This patch corrects the issue
> by copying the extended attributes of the root directory:
> /home/user will get the extended attributes of /etc/skel.
Makes sense to me.
> This includes 2 patches to implement the behaviour:
> one for the target and one for the native.
>
> The patch for the target was submitted upstream (see
> http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html)
>
> The patch for the native couldn't be submitted upstream
> because it applies after the patch specific to open-embedded
> that creates the parent directories:
> 0001-useradd.c-create-parent-directories-when-necessary.patch
Can't you reorder and rebase the patches so that this
0001-useradd.c-create-parent-directories-when-necessary.patch applies on
top of the patch which was submitted upstream?
"devtool modify shadow-native" might be useful for that. "git rebase -i"
in workspace/sources/shadow-native", then finish with "devtool
update-recipe shadow-native". I haven't tried whether "update-recipe"
handles re-ordering patches. If it doesn't, just fix it manually.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the Openembedded-core
mailing list