authorJosé Bollo <jose.bollo@iot.bzh>2017-10-12 22:54:23 +0200
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2017-11-30 13:13:49 +0000
commit5fccb1081844131fcc9065cf13d1b28a80e26c2d (patch)
treedbbc58f5ed76aff2ee91e427c3dd4922b3b3637e
parentabeee5eb5ff5d60fb248c4b79de78e71e53edc82 (diff)
agl-users: Use UID for HOME directories and logins
While dealing with systemd as a launcher, a limitation appeared. If the template argument of units is used to designate the user, it cannot be different from the UID as a number, because systemd enforces XDG_RUNTIME_DIR to be /run/user/<UID>. Thus using the UID is the way to go to use the template mechanism of systemd and use systemd as launcher. This is of importance because we don't expect systemd user to have full capabilities. Instead the framework will continue to leverage the systemd launching mechanism but at a system level, with full capabilities, and will only allow user applications to deal with systemd --user. This imposes the use of the UID as template parameter. The problem is then to set the user directory to the correct value knowing only the UID and using only the possibilities of units. The only way is to have user home directories of the form /SOMETHING/<UID> (where SOMETHING is merely "home"). This can be achieved either by setting a symbolic link (hard links to directories are forbidden) or by simply using the scheme /home/UID in all cases. In the end, users within AGL will not receive nicknames but will receive an allocated UID. So, in the end, it is not a problem to use the regular naming scheme /home/UID, a scheme that will probably never be seen except by tools or experts. This patch implements this choice. Change-Id: I225958fa627894cb966f52a06ebd8a914058d429 Signed-off-by: José Bollo <jose.bollo@iot.bzh> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/12137 Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org> Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh> Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
-rw-r--r--meta-agl/files/group2
-rw-r--r--meta-agl/files/passwd4
-rw-r--r--meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb2
-rw-r--r--meta-app-framework/conf/include/agl-appfw-smack.inc2
-rw-r--r--meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb13
-rw-r--r--meta-app-framework/recipes-core/base-files/base-files_%.bbappend1
6 files changed, 18 insertions, 6 deletions
diff --git a/meta-agl/files/group b/meta-agl/files/group
index dee2ad912..d910f0f83 100644
--- a/meta-agl/files/group
+++ b/meta-agl/files/group
@@ -84,3 +84,5 @@ opensaf::957:
lldpd::956:
postdrop::954:
display::200:
+agl-driver::1001:
+agl-passenger::1002:
diff --git a/meta-agl/files/passwd b/meta-agl/files/passwd
index c992e52ff..df4c23e74 100644
--- a/meta-agl/files/passwd
+++ b/meta-agl/files/passwd
@@ -21,8 +21,8 @@ dhcp::998:998:::
avahi::997:997:::
sshd::996:996:::
systemd-bus-proxy::995:995:::
-agl-driver::1000:100:::
-agl-passenger::1001:100:::
+agl-driver::1001:1001:::
+agl-passenger::1002:1002:::
messagebus::994:994:::
afm::992:992:::
systemd-timesync::988:988:::
diff --git a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
index c86838268..44a4fd36a 100644
--- a/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
+++ b/meta-agl/recipes-config/agl-login-manager/agl-login-manager_0.1.bb
@@ -12,7 +12,7 @@ SRC_URI += " \
file://agl-user-session@.service \
"
-LOGIN_USER ??="agl-driver agl-passenger"
+LOGIN_USER ??="1001 1002"
do_install_append() {
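Review bot: The new default `LOGIN_USER ??="1001 1002"` is a pair of bare numbers with nothing to say which accounts they are or where the values come from. The same IDs are also hard-coded in meta-agl/files/passwd and in the agl-users recipe, so a change in one place silently breaks the login units. I would add a comment above the assignment, for example `# UIDs (not names) of agl-driver and agl-passenger; must match files/passwd and agl-users`. The body of do_install_append continues outside the hunk, so how the values are consumed is not visible here.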
diff --git a/meta-app-framework/conf/include/agl-appfw-smack.inc b/meta-app-framework/conf/include/agl-appfw-smack.inc
index 133f6b04c..1d8ab0a77 100644
--- a/meta-app-framework/conf/include/agl-appfw-smack.inc
+++ b/meta-app-framework/conf/include/agl-appfw-smack.inc
@@ -14,3 +14,5 @@ IMAGE_FEATURES += "ssh-server-openssh"
PACKAGECONFIG_append_pn-shadow = " attr"
PACKAGECONFIG_append_pn-shadow-native = " attr"
+# set the home directory for root
+ROOT_HOME = "/home/0"
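Review bot: The added comment `# set the home directory for root` restates the assignment and does not say why root's home moves to `/home/0`. The reason is only in the commit message, which says home directories must have the form /home/<UID> so that units templated on the UID can derive them. I would record that next to the variable, for example `# root follows the /home/<UID> scheme used by UID-templated systemd units`. It is also worth noting there that the base-files bbappend populates this path from skel, so the two settings are read together.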
diff --git a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb
index f98888d28..79a9461e0 100644
--- a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb
+++ b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb
@@ -11,10 +11,17 @@ ALLOW_EMPTY_${PN} = "1"
USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = " --system display ; --system weston-launch"
+USERADDEXTENSION = "useradd-staticids"
+
+GROUPADD_PARAM_${PN} = "\
+ --system display ; \
+ --system weston-launch ; \
+ -g 1001 agl-driver ; \
+ -g 1002 agl-passenger \
+"
USERADD_PARAM_${PN} = "\
- -g users -G display -d /home/agl-driver -m -K PASS_MAX_DAYS=-1 agl-driver ; \
- -g users -G display -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger ; \
+ -g 1001 -G display -u 1001 -o -d /home/1001 -m -K PASS_MAX_DAYS=-1 agl-driver ; \
+ -g 1002 -G display -u 1002 -o -d /home/1002 -m -K PASS_MAX_DAYS=-1 agl-passenger ; \
--gid display --groups weston-launch,video,input --home-dir /run/platform/display --shell /bin/false --comment \"Display daemon\" --key PASS_MAX_DAYS=-1 display \
"
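Review bot: The `-o` (non-unique) flag on the two rewritten useradd lines lets the account be created even when UID 1001 or 1002 is already in use. A collision would then silently produce two accounts sharing one UID and its files, rather than failing the build. The IDs are already pinned with `-u` and `USERADDEXTENSION = "useradd-staticids"`, so dropping the flag keeps the result and makes a clash visible: `-g 1001 -G display -u 1001 -d /home/1001 -m -K PASS_MAX_DAYS=-1 agl-driver ; \`, and likewise for agl-passenger. A one-line comment above USERADD_PARAM stating that the home directory must be /home/<UID> would keep later edits from reverting to name-based paths.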
diff --git a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
index 271fe77a6..636bcc4df 100644
--- a/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
+++ b/meta-app-framework/recipes-core/base-files/base-files_%.bbappend
@@ -25,5 +25,6 @@ EOF
pkg_postinst_${PN}_append_smack() {
chsmack -r -a 'User::Home' -t -D $D/${sysconfdir}/skel
chsmack -a 'User::App-Shared' -D $D/${sysconfdir}/skel/app-data
+ cp -rTf --preserve=all $D/${sysconfdir}/skel $D/${ROOT_HOME}
}
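Review bot: `cp -rTf --preserve=all` carries the mode, ownership and extended attributes of `${sysconfdir}/skel` onto `$D/${ROOT_HOME}`. Root's home therefore inherits the `User::Home` and `User::App-Shared` Smack labels set by the two chsmack lines above, together with whatever mode skel has. Nothing in the hunk sets the permissions of root's home explicitly, so if skel is world-readable the new root home presumably is too. I would follow the copy with `chmod 0700 $D/${ROOT_HOME}` and add a comment such as `# root's home gets the same skeleton and Smack labels as user homes`. It is also worth confirming that the user-home labels are the ones intended for root.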