Thanks to anyone who replied, this was really helpful!

Ohad

2008/5/5 Shachar Shemesh <[EMAIL PROTECTED]>:
> Ohad Levy wrote:
>
> for embedded platform development, it's required to create devices which
> are hardware specific (i.e. our own modules).
>
> any way to reduce the risk?
>
> Thanks
>
> Are these modules loaded into the running kernel, or are they just being
> created so they can be saved to the image for later extraction on the actual
> platform?
>
> If the former, I don't know the details, but it should be possible to
> construct the modules such that when they are loaded udev will automatically
> create the device files for them. Then give them access to insmod and rmmod
> (via sudo) only for those specific modules.
>
> If it's the latter, then there is no need to give them root permission, of
> any kind, at all. Use fakeroot (or my very own fakeroot-ng) to create
> something that appears to the process that created them to be device files.
> Then run tar/mkcramfs/mksquashfs/whatever from within the same fake root
> process, and it will create the image with the right permissions.
>
> Last, you can give them sudo permissions to create only the specific
> device files needed. This is only recommended for the first case, though.
>
> Sample session with fakeroot-ng:
>
> [EMAIL PROTECTED]:~$ mkdir /tmp/dir
> [EMAIL PROTECTED]:~$ cd /tmp/dir
> [EMAIL PROTECTED]:/tmp/dir$ fakeroot-ng -pstate mkdir dev
> [EMAIL PROTECTED]:/tmp/dir$ fakeroot-ng -pstate mknod dev/sda b 8 0
>
> Notice how the "mknod" call succeeded. Did it create a block device?
>
> [EMAIL PROTECTED]:/tmp/dir$ ls -la dev
> total 8
> drwxr-xr-x 2 sun sun 4096 May 5 14:51 .
> drwxr-xr-x 3 sun sun 4096 May 5 14:51 ..
> -rw-r--r-- 1 sun sun 0 May 5 14:51 sda
>
> No. sda is just a regular file. However, fakeroot will tell you it did:
>
> [EMAIL PROTECTED]:/tmp/dir$ fakeroot-ng -pstate ls -la dev
> total 8
> drwxr-xr-x 2 root root 4096 May 5 14:51 .
> drwxr-xr-x 3 sun sun 4096 May 5 14:51 ..
> brw-r--r-- 1 root root 8, 0 May 5 14:51 sda
>
> Suddenly it's owned by root, and is a block device, just like it's
> supposed to be. Let's tar the directory from within fakeroot-ng:
>
> [EMAIL PROTECTED]:/tmp/dir$ fakeroot-ng -pstate tar cvzf dev.tgz dev
> dev/
> dev/sda
>
> Now, even without fakeroot-ng, the tar file contains a block device owned
> by root:
>
> [EMAIL PROTECTED]:/tmp/dir$ tar tvzf dev.tgz
> drwxr-xr-x root/root 0 2008-05-05 14:51 dev/
> brw-r--r-- root/root 8,0 2008-05-05 14:51 dev/sda
>
> If we examine the directory we will also see the "state" file, where
> fakeroot-ng stored the data between invocations so that it can be consistent
> in how it lies:
>
> [EMAIL PROTECTED]:/tmp/dir$ ls -la
> total 160
> drwxr-xr-x 3 sun sun 4096 May 5 14:52 .
> drwxrwxrwt 14 root root 143360 May 5 14:51 ..
> drwxr-xr-x 2 sun sun 4096 May 5 14:51 dev
> -rw-r--r-- 1 sun sun 143 May 5 14:52 dev.tgz
> -rw-r--r-- 1 sun sun 150 May 5 14:52 state
>
> Obviously, nothing is owned by root.
>
> You can get fakeroot from http://fakeroot.alioth.debian.org/, and
> fakeroot-ng from http://sourceforge.net/projects/fakerootng. Fakeroot is
> automatically available in any version of Debian that was released for the
> past, oh, at least 10 years. Fakeroot-ng is available in Sid and Lenny.
>
> Shachar
>
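
The result of the fakeroot-ng session quoted above (a tar archive holding a root-owned block device, built by an unprivileged user), as an added example that is not part of the thread and does not use fakeroot or fakeroot-ng: Python's standard `tarfile` module writes the device metadata directly, and an audit function checks the archive against the intended device table. The device table, the function names and the `dev/console` entry are assumptions made for illustration.

```python
import io
import tarfile

# Hypothetical device table for the target image: (path, type, major, minor, mode).
DEVICES = [
    ("dev/sda", tarfile.BLKTYPE, 8, 0, 0o644),      # same node as in the quoted session
    ("dev/console", tarfile.CHRTYPE, 5, 1, 0o600),  # constructed extra entry
]

def _member(name, kind, mode, major=0, minor=0):
    ti = tarfile.TarInfo(name)
    ti.type, ti.mode = kind, mode
    ti.devmajor, ti.devminor = major, minor
    ti.uid = ti.gid = 0                  # ownership is only metadata in the archive
    ti.uname = ti.gname = "root"
    return ti

def build_dev_archive(devices=DEVICES):
    """Return gzip'd tar bytes holding root-owned device nodes; needs no privileges."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.addfile(_member("dev", tarfile.DIRTYPE, 0o755))
        for name, kind, major, minor, mode in devices:
            tar.addfile(_member(name, kind, mode, major, minor))
    return buf.getvalue()

def audit_devices(archive_bytes):
    """List (name, kind, major, minor, owner) for every device node in the archive."""
    found = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for ti in tar:
            if ti.isblk() or ti.ischr():
                kind = "b" if ti.isblk() else "c"
                found.append((ti.name, kind, ti.devmajor, ti.devminor, ti.uname))
    return found

def unexpected_devices(archive_bytes, devices=DEVICES):
    """Return device nodes that are not in the table or are not owned by root."""
    allowed = {(n, "b" if k == tarfile.BLKTYPE else "c", ma, mi)
               for n, k, ma, mi, _ in devices}
    return [d for d in audit_devices(archive_bytes)
            if d[:4] not in allowed or d[4] != "root"]

if __name__ == "__main__":
    for entry in audit_devices(build_dev_archive()):
        print(entry)
```

Running `unexpected_devices` over an image archive before it is flashed gives a quick check that a build produced only the device nodes that were intended.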
