[OE-core] [PATCH] shadow: 'useradd' copies root's extended attributes

[José Bollo]

On Thu, 09 Mar 2017 17:07:54 +0100
Patrick Ohly <patrick.ohly at intel.com> wrote:

> On Thu, 2017-03-09 at 15:07 +0100, jobol at nonadev.net wrote:
> > From: José Bollo <jose.bollo at iot.bzh>
> > 
> > The copy of extended attributes is interesting for
> > Smack systems because it allows to set the security
> > template of the user's home directories without
> > modifying the tools (useradd here). But the version
> > of useradd that copies the extended attributes doesn't
> > copy the extended attributes of the root. This can make
> > use of homes impossible! This patch corrects the issue
> > by copying the extended attributes of the root directory:
> > /home/user will get the extended attributes of /etc/skel.  
> 
> Makes sense to me.
> 
> > This includes 2 patches to implement the behaviour:
> > one for the target and one for the native.
> > 
> > The patch for the target was submitted upstream (see
> > http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html)
> > 
> > The patch for the native couldn't be submitted upstream
> > because it applies after the patch specific to open-embedded
> > that creates the parent directories:
> >   0001-useradd.c-create-parent-directories-when-necessary.patch  
> 
> Can't you reorder and rebase the patches so that this
> 0001-useradd.c-create-parent-directories-when-necessary.patch applies
> on top of the patch which was submitted upstream?

I agree that it would be better to reorder. Better but less
conservative because an existing patch must be upgraded.

> "devtool modify shadow-native" might be useful for that. "git rebase
> -i" in workspace/sources/shadow-native", then finish with "devtool
> update-recipe shadow-native". I haven't tried whether "update-recipe"
> handles re-ordering patches. If it doesn't, just fix it manually.

I'll do and propose the new version soon.