[OE-core] [PATCH] shadow: 'useradd' copies root's extended attributes
Patrick Ohly
patrick.ohly at intel.com
Wed Jan 10 11:15:19 UTC 2018
On Tue, 2018-01-09 at 11:51 -0600, Mark Hatle wrote:
> On 1/4/18 4:41 AM, Patrick Ohly wrote:
> > On Thu, 2018-01-04 at 11:18 +0100, José Bollo wrote:
> > > > Do you agree to move the patch to Smack specific layer? Such
> > > > as
> > > > meta-security?
> > >
> > > I agree.
> >
> > Layers like meta-security should not modify recipes from other
> > layers,
> > at least not by default. That would violate the "Yocto Compatible
> > 2.0"
> > rules.
>
> You can modify (bbappend) to an existing recipe. You can't change
> the behavior
> (specifically the md5sum) of the function though, unless that new
> functionality
> is enabled.)
That's what I meant with "by default".
> 'smack' should be able to do the same thing, with a similar distro
> feature.
I'm not convinced that building core components differently depending
on such distro features is desirable, because it makes "smack" and
"selinux" mutually exclusive. I'd prefer a solution where support for
both can be enabled and then on the image itself the tools decide what
to do. Whether that's always possible of course is a different
question.
In this case I think it is, by adding the exception for
security.selinux. But I'll leave that up to you and Jose to decide.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
More information about the Openembedded-core
mailing list