[OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
Jacob Kroon
jacob.kroon at gmail.com
Tue May 7 19:53:52 UTC 2019
Which host distributionen are you using?
On Tue, 7 May 2019, 14:47 Popov Anton, <Anton.Popov at t-platforms.ru> wrote:
> Hi,
>
> I don't think so. At the moment we are using rocko release and found this
> problem in util-linux-2.30 recipe.
>
> the problem is that util-linux builds with regular user permissions and
> result files are owned by user with uid 1000 in our case. for most of
> binaries in /bin and /sbin generated by util-linux this permissions issue
> is not a problem (Because all binaries has o+x set). But for those of them
> who have suid bit setted it became a real trouble.
>
> With best regards,
> Anton Popov
>
> ________________________________________
> От: Jacob Kroon [jacob.kroon at gmail.com]
> Отправлено: 7 мая 2019 г. 8:04
> Кому: Popov Anton
> Копия: openembedded-core at lists.openembedded.org
> Тема: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries
> in resulting image
>
> Hi,
> Are we sure this is not caused by the new glibc2.29/pseudo problems
> that has been seen previously ?
> Which distro are you building on, and which version of poky/oe are you
> using ?
> /Jacob
>
> On Mon, May 6, 2019 at 5:46 PM Popov Anton <Anton.Popov at t-platforms.ru>
> wrote:
> >
> > util-linux source produce some binaries with setuid bit set
> >
> > do_install function produce binaries in /sbin and /bin with uid:gid
> > of user who build image this lead to messages like this:
> > mount /dev/sdb1 /mnt/flash
> > mount: only root can do that (effective UID is 1000)
> > this patch changing owner of binaries in /bin and /sbin to 0:0
> >
> > Signed-off-by: Anton Popov <Anton.Popov at t-platforms.ru>
> > ---
> > meta/recipes-core/util-linux/util-linux.inc | 21 +++++++++++++++++++++
> > 1 file changed, 21 insertions(+)
> >
> > diff --git a/meta/recipes-core/util-linux/util-linux.inc
> b/meta/recipes-core/util-linux/util-linux.inc
> > index 34255a2dec..d75a2dd399 100644
> > --- a/meta/recipes-core/util-linux/util-linux.inc
> > +++ b/meta/recipes-core/util-linux/util-linux.inc
> > @@ -201,6 +201,27 @@ do_install () {
> > fi
> > }
> >
> > +# when building yocto image with non-root user some binaries appears in
> resulting
> > +# image with rights of user who build image. This behaviour may lead to
> misfunction
> > +# of some binaries like mount because of setuid bit on them:
> > +# mount /dev/sdb1 /mnt/flash
> > +# mount: only root can do that (effective UID is 1000)
> > +# ls -ld which mount
> > +# lrwxrwxrwx 1 root root 21 Jan 2 1970 /bin/mount
> -> /bin/mount.util-linux
> # root at mitx-fp32:/mnt/system/initrd#
> ls -ld /bin/mount.util-linux
> #
> -rwsr-xr-x 1 1000 1000 28020 Apr 23 12:49
> /bin/mount.util-linux
> > +do_install_append_class-target () {
> > + for p in $sbinprogs $sbinprogs_a; do
> > + if [ -f "${D}${base_sbindir}/$p" ]; then
> > + chown 0:0 "${D}${base_sbindir}/$p"
> > + fi
> > + done
> > + for p in $binprogs_a; do
> > + if [ -f "${D}${base_bindir}/$p" ]; then
> > + chown 0:0 "${D}${base_bindir}/$p"
> > + fi
> > + done
> > +}
> > +
> > +
> > # nologin causes a conflict with shadow-native
> > # kill causes a conflict with coreutils-native (if
> ${bindir}==${base_bindir})
> > do_install_append_class-native () {
> > --
> > 2.20.1
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20190507/c38037c3/attachment-0001.html>
More information about the Openembedded-core
mailing list