authorJosé Bollo <jose.bollo@iot.bzh>2017-03-07 17:30:18 +0100
committerStephane Desneux <stephane.desneux@iot.bzh>2017-03-27 15:33:40 +0200
commit91ee2f30326ae626b40f6a80dc47eac1085051b9 (patch)
treec197a90e2e8f61491bf32ebe26fa1935b2e93286
parent953167ff715a932338ce55c63b6115cb7352157f (diff)
shadow: 'useradd' copies root's extended attributes
Copying extended attributes is useful on Smack systems because it allows setting the security template of the users' home directories without modifying the tools (useradd here). But the version of useradd that copies the extended attributes doesn't copy the extended attributes of the root of the home directory. This can make home directories unusable! This patch corrects the issue by copying the extended attributes of the root of the home directory. It includes 2 patches to implement the behaviour: one for the target and one for the native build. The patch for the target was submitted upstream (see below). The patch for the native build couldn't be submitted upstream because it applies on top of a patch specific to open-embedded (that was refused upstream). Upstream-Status: Submitted (http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html) Change-Id: I7ced318a02206fd3f15a6995f59bb82b6c6453d5 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
-rw-r--r--meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch45
-rw-r--r--meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch45
-rw-r--r--meta-app-framework/recipes-extended/shadow/shadow_%.bbappend4
3 files changed, 94 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch
new file mode 100644
index 000000000..ff420d8a2
--- /dev/null
+++ b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home-native.patch
@@ -0,0 +1,45 @@
+From 008637fc8bd7f601eb6554d572bba025613913b7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Wed, 8 Mar 2017 14:10:10 +0100
+Subject: [PATCH] useradd: copy extended attributes of home (native)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The Home directory wasn't getting the extended attributes
+of /etc/skel. This patch fixes that issue and adds the copy
+of the extended attributes of the root of the home directory.
+
+Change-Id: Ib6836e1b18c4c7f73e02c1f1fc9558dc749ba9da
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ src/useradd.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index 4c418af..8ba8af6 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -55,6 +55,9 @@
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <time.h>
++#ifdef WITH_ATTR
++#include <attr/libattr.h>
++#endif
+ #include "chkname.h"
+ #include "defines.h"
+ #include "faillog.h"
+@@ -1950,6 +1953,9 @@ static void create_home (void)
+ chown (user_home, user_id, user_gid);
+ chmod (user_home,
+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
++#ifdef WITH_ATTR
++ attr_copy_file (def_template, user_home, NULL, NULL);
++#endif
+ home_added = true;
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+--
+2.9.3
+
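Review bot: The result of `attr_copy_file (def_template, user_home, NULL, NULL)` in create_home is discarded, and the NULL error context gives libattr nowhere to report a failure, so a home directory that did not receive the template's attributes still reaches `home_added = true` and the audit call that follows. On a Smack system that would leave the directory with whatever label it got at creation instead of the one the template prescribes, which is the failure the commit message sets out to prevent. Checking the return value makes it visible, e.g. `if (attr_copy_file (def_template, user_home, NULL, NULL) != 0) fprintf (stderr, "%s: cannot copy extended attributes from %s to %s\n", Prog, def_template, user_home);`. The same applies to the identical hunk in 0001-useradd-copy-extended-attributes-of-home.patch. The body of create_home starts and ends outside both hunks.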
diff --git a/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch
new file mode 100644
index 000000000..f231c3cfe
--- /dev/null
+++ b/meta-app-framework/recipes-extended/shadow/files/0001-useradd-copy-extended-attributes-of-home.patch
@@ -0,0 +1,45 @@
+From acec93540eba6899661c607408498ac72ab07a47 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
+Date: Tue, 7 Mar 2017 16:03:03 +0100
+Subject: [PATCH] useradd: copy extended attributes of home
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The Home directory wasn't getting the extended attributes
+of /etc/skel. This patch fixes that issue and adds the copy
+of the extended attributes of the root of the home directory.
+
+Change-Id: Icd633f7c6c494efd2a30cb8f04c306f749ad0c3b
+Signed-off-by: José Bollo <jose.bollo@iot.bzh>
+---
+ src/useradd.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index a8a1f76..8aefb9c 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -52,6 +52,9 @@
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <time.h>
++#ifdef WITH_ATTR
++#include <attr/libattr.h>
++#endif
+ #include "chkname.h"
+ #include "defines.h"
+ #include "faillog.h"
+@@ -1915,6 +1918,9 @@ static void create_home (void)
+ chown (user_home, user_id, user_gid);
+ chmod (user_home,
+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
++#ifdef WITH_ATTR
++ attr_copy_file (def_template, user_home, NULL, NULL);
++#endif
+ home_added = true;
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+--
+2.9.3
+
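Review bot: The patch header carries no `Upstream-Status:` line; the status is recorded only in the layer's commit message, which a reader of the recipe's files directory never sees. OpenEmbedded convention is to put the tag in the patch file itself, above the `---` separator, here `Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html]`. The native variant, 0001-useradd-copy-extended-attributes-of-home-native.patch, needs its own tag, presumably `Upstream-Status: Inappropriate [applies on top of an OE-specific patch]` going by the commit description.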
diff --git a/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend b/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend
new file mode 100644
index 000000000..f08435502
--- /dev/null
+++ b/meta-app-framework/recipes-extended/shadow/shadow_%.bbappend
@@ -0,0 +1,4 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+SRC_URI_append_class-target = " file://0001-useradd-copy-extended-attributes-of-home.patch "
+SRC_URI_append_class-native = " file://0001-useradd-copy-extended-attributes-of-home-native.patch "
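Review bot: Nothing in this bbappend ensures the patched code is compiled in: both patches place the new call under `#ifdef WITH_ATTR`, so a build of shadow configured without attr support applies them cleanly and changes nothing. Since the layer relies on this for Smack labels on home directories, the requirement should at least be documented here, e.g. `# The useradd patches below are a no-op unless shadow is built with attr support (WITH_ATTR).` If the base recipe exposes an attr PACKAGECONFIG option, enabling it in this file for both class-target and class-native would make the dependency explicit. That recipe is not visible on this page, so confirm the option exists before relying on it.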