path: root/meta-app-framework/recipes-core/base-files
Age | Commit message | Author | Files | Lines
2019-06-19 | Enforce separation of users using UMASK | José Bollo | 1 | -2/+4
Users should not be able to read other user content. Use Umask to enforce that.
Bug-AGL: SPEC-1016
Change-Id: Ibb61b7a6a7617117a499650c5bd70bdd5af3c328
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-10-31 | meta-app-framework/base-files: fix /usr/local symlink target path | Stephane Desneux | 1 | -1/+1
/usr/local should point to ../var/local (and not ../../var/local)
Thanks to Vasyl Vavrychuk <vvavrychuk@gmail.com>
Bug-AGL: SPEC-1844
Change-Id: I700065290deff979db2e74cb68eae78ef55cda9c
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
2018-02-13 | Remove smack recipe | José Bollo | 1 | -2/+2
smack user space library is provided by meta-security
Change-Id: Ifb5e88e5f5a1aab3e695ab91a56d8c55c33fd004
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2018-02-13 | Rename smack OVERRIDE to with-lsm-smack | José Bollo | 1 | -4/+4
Using the OVERRIDE "smack" came with the use of the layer meta-intel-iot-security. When switching to meta-security, it conflicts with the package name 'smack' that provides the smack user library. Yocto was reporting the following error:
ERROR: .../meta-security/recipes-security/smack/smack_1.3.0.bb: QA Issue: Recipe .../meta-security/recipes-security/smack/smack_1.3.0.bb has PN of "smack" which is in OVERRIDES, this can result in unexpected behaviour. [pn-overrides]
Change-Id: Id71b283bf1ce5682bd94bf96595eb32506acb1d5
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
2017-11-30 | agl-users: Use UID for HOME directories and logins | José Bollo | 1 | -0/+1
While dealing with systemd as a launcher, a limitation appeared. If the template argument of units is used to designate the user, it cannot be different than the UID as a number because systemd enforces XDG_RUNTIME_DIR to be /run/user/<UID>. Thus using UID is the way to go to use template mechanic of systemd and use systemd as launcher.
This is of importance because we don't expect systemd user to have full capabilities. Instead the framework will continue to leverage systemd launching mechanism but at a system level, with full capabilities but will only allow user applications to deal with systemd --user. This imposes using UID as template parameters.
The problem is then to set the user directory to the correct value knowing only the UID and using only possibilities of units. The only way is to have user home directories of the form /SOMETHING/<UID> (where SOMETHING is merely "home"). This can be achieved either by setting a symbolic link (hard links to directories are forbidden) or by simply using the scheme /home/UID in all cases.
At the end, users within AGL will not receive nick names but will receive allocated UID. So, at the end, it is not a problem to use the regular naming scheme /home/UID, a scheme that will probably never be seen except by tools or experts.
This patch implements this choice.
Change-Id: I225958fa627894cb966f52a06ebd8a914058d429
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/12137
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2017-09-15 | Fix post install script dependency | Ronan Le Martret | 1 | -1/+1
* Since yocto pyro we need to declare PACKAGE_WRITE_DEPS, dependency for post install script http://www.yoctoproject.org/docs/2.3/mega-manual/mega-manual.html#var-PACKAGE_WRITE_DEPS
* we also need to explicitly exit 1 if post script failed
Bug-AGL: SPEC-646
Bug-AGL: SPEC-825
Change-Id: Ic15f8af884895fecacceb9886de5bebe591a2be0
Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/10883
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Thomas Rini <trini@konsulko.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2017-05-19 | Make /usr/local compatible with SOTA | José Bollo | 1 | -0/+7
This provides a link from /usr/local to ../../var/local that enforces file hierarchy local to the machine to be in a directory frankly separated from /usr.
This is important for SOTA/OSTree that must not manage the locally installed files. But this is also important for correctly separating layers of the target. For this reason, the change is not conditional to SOTA.
Bug-AGL: SPEC-359
Bug-AGL: SPEC-533
Change-Id: I0a709ba15582a011a43f3a3b68d4230bae11b658
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9071
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2017-03-27 | base-files for the framework | José Bollo | 1 | -0/+22
This setting is introduced primarily to allow the recipe agl-users to run in a correct environment.
Change-Id: Ib0bd7c8e6520bd87dbb26d9c011f5cb4672f44c7
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>