From 45bb3f23ffa4b22f7f64be68181cf650452d9d98 Mon Sep 17 00:00:00 2001 From: Duy Dang Date: Tue, 15 Oct 2019 10:38:17 +0700 Subject: rcar-gen3: systemd: Add safe transition to non-owned item Since safe transition check feature breaks the rootfs created by different users, this allows /var/volatile to be mounted as a non-owned directory (uid=65534) and defines the transition from a normal file/directory to non-owned one as a safe transition. Signed-off-by: Duy Dang Signed-off-by: Takamitsu Honda Change-Id: I5ed4bfb7e5bd7cc08fa45cde4b849184e3ecb335 --- meta-rcar-gen3/recipes-core/base-files/base-files/fstab | 2 +- .../add-non-owned-item-for-safe-transitioning.patch | 14 ++++++++++++++ meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend | 5 +++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch diff --git a/meta-rcar-gen3/recipes-core/base-files/base-files/fstab b/meta-rcar-gen3/recipes-core/base-files/base-files/fstab index e5aa4f7..30898a4 100644 --- a/meta-rcar-gen3/recipes-core/base-files/base-files/fstab +++ b/meta-rcar-gen3/recipes-core/base-files/base-files/fstab @@ -4,7 +4,7 @@ proc /proc proc defaults 0 0 devpts /dev/pts devpts mode=0620,gid=5 0 0 tmpfs /run tmpfs mode=0755,nodev,nosuid,strictatime 0 0 -tmpfs /var/volatile tmpfs uid=1000,gid=1000 0 0 +tmpfs /var/volatile tmpfs uid=65534,gid=65534 0 0 # uncomment this if your device has a SD/MMC/Transflash slot #/dev/mmcblk0p1 /media/card auto defaults,sync,noauto 0 0 diff --git a/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch b/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch new file mode 100644 index 0000000..631db30 --- /dev/null +++ b/meta-rcar-gen3/recipes-core/systemd/systemd/add-non-owned-item-for-safe-transitioning.patch @@ -0,0 +1,14 @@ +diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c +index b2ac648..553a77a 100644 +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -668,6 +668,9 @@ static bool unsafe_transition(const struct stat *a, const struct stat *b) { + if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */ + return false; + ++ if (b->st_uid == 65534) /* Transitioning to a non-owned is OK too */ ++ return false; ++ + return a->st_uid != b->st_uid; /* Otherwise we need to stay within the same UID */ + } + diff --git a/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend b/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend index 9f5978c..b77e9bd 100644 --- a/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend +++ b/meta-rcar-gen3/recipes-core/systemd/systemd_%.bbappend @@ -1 +1,6 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" + +SRC_URI_append_rcar-gen3 = " file://add-non-owned-item-for-safe-transitioning.patch" + PACKAGECONFIG_remove_rcar-gen3 = "timesyncd" + -- cgit 1.2.3-korg