authorDuy Dang <duy.dang.yw@renesas.com>2019-10-15 10:38:17 +0700
committerKhang Nguyen <khang.nguyen.xw@renesas.com>2019-12-24 15:24:26 +0700
commit45bb3f23ffa4b22f7f64be68181cf650452d9d98 (patch)
treef4d2ca0b25c228eb7fed38fffd6f3f7ef3fef052
parent92b98157ce3b251ec0923008f8af19c8a07207f4 (diff)
rcar-gen3: systemd: Add safe transition to non-owned item
Since safe transition check feature breaks the rootfs created by different users, this allows /var/volatile to be mounted as a non-owned directory (uid=65534) and defines the transition from a normal file/directory to non-owned one as a safe transition. Signed-off-by: Duy Dang <duy.dang.yw@renesas.com> Signed-off-by: Takamitsu Honda <takamitsu.honda.pv@renesas.com> Change-Id: I5ed4bfb7e5bd7cc08fa45cde4b849184e3ecb335
-rw-r--r--meta-rcar-gen3/recipes-core/base-files/base-files/fstab2
-rw-r--r--meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch14
-rw-r--r--meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend5
3 files changed, 20 insertions, 1 deletions
diff --git a/meta-rcar-gen3/recipes-core/base-files/base-files/fstab b/meta-rcar-gen3/recipes-core/base-files/base-files/fstab
index e5aa4f7..30898a4 100644
--- a/meta-rcar-gen3/recipes-core/base-files/base-files/fstab
+++ b/meta-rcar-gen3/recipes-core/base-files/base-files/fstab
@@ -4,7 +4,7 @@
proc /proc proc defaults 0 0
devpts /dev/pts devpts mode=0620,gid=5 0 0
tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0
-tmpfs /var/volatile tmpfs uid=1000,gid=1000 0 0
+tmpfs /var/volatile tmpfs uid=65534,gid=65534 0 0
# uncomment this if your device has a SD/MMC/Transflash slot
#/dev/mmcblk0p1 /media/card auto defaults,sync,noauto 0 0
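Review bot: The new `/var/volatile` line makes the mount root owned by the shared nobody account (65534) and still carries none of the `mode=`, `nodev` or `nosuid` options that the `/run` line two rows above has. With tmpfs defaulting to a sticky world-writable root, the directory owner can rename or remove any top-level entry, so any service running as nobody gains control over what sits at the top of this mount; if /var/log and /var/tmp resolve into it, as is common in Yocto images, that covers them too. Consider `tmpfs /var/volatile tmpfs uid=0,gid=0,mode=0755,nodev,nosuid 0 0` if nothing unprivileged has to create top-level entries here (to be confirmed against the volatile-population scripts), or at minimum append `nodev,nosuid` to the line as committed.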
diff --git a/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch b/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch
new file mode 100644
index 0000000..631db30
--- /dev/null
+++ b/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch
@@ -0,0 +1,14 @@
+diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
+index b2ac648..553a77a 100644
+--- a/src/basic/fs-util.c
++++ b/src/basic/fs-util.c
+@@ -668,6 +668,9 @@ static bool unsafe_transition(const struct stat *a, const struct stat *b) {
+ if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */
+ return false;
+
++ if (b->st_uid == 65534) /* Transitioning to a non-owned is OK too */
++ return false;
++
+ return a->st_uid != b->st_uid; /* Otherwise we need to stay within the same UID */
+ }
+
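Review bot: The added `b->st_uid == 65534` test exempts every transition into a nobody-owned entry, for every caller of unsafe_transition(), not only the /var/volatile mount this commit is about. UID 65534 is not "non-owned": it is the account any daemon running as nobody uses and the ID the kernel reports for unmapped owners, so a path controlled by one unprivileged user is now accepted when it leads privileged code into files that user does not own, which is the case this check exists to reject. If the root cause is rootfs directories carrying the build user's UID, root-owning them at image build time would presumably satisfy the existing `a->st_uid == 0` rule with no systemd patch at all. If the patch stays, write `if (b->st_uid == UID_NOBODY)` instead of the literal (assuming user-util.h is in scope in fs-util.c), and give the patch file a description and an `Upstream-Status:` header. The function begins above the hunk, so its header comment is not visible here.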
diff --git a/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend b/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend
index 9f5978c..b77e9bd 100644
--- a/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend
@@ -1 +1,6 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI_append_rcar-gen3 = " file://add-non-owned-item-for-safe-transitioning.patch"
+
PACKAGECONFIG_remove_rcar-gen3 = "timesyncd"
+
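Review bot: The `SRC_URI_append_rcar-gen3` line pulls in a patch that relaxes a systemd security check, but nothing in the recipe says so, and the `%` wildcard in the bbappend name applies it to whatever systemd version the layer is built against. A comment above it would keep the patch from being carried forward unreviewed, for example `# Relaxes unsafe_transition() for uid 65534 (see fstab); re-review on every systemd upgrade, drop once rootfs is root-owned.` Separately, `FILESEXTRAPATHS_prepend` is not scoped to rcar-gen3 while the `SRC_URI` append is; that looks harmless but is inconsistent.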