Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
Which host distributionen are you using? On Tue, 7 May 2019, 14:47 Popov Anton, wrote: > Hi, > > I don't think so. At the moment we are using rocko release and found this > problem in util-linux-2.30 recipe. > > the problem is that util-linux builds with regular user permissions and > result files are owned by user with uid 1000 in our case. for most of > binaries in /bin and /sbin generated by util-linux this permissions issue > is not a problem (Because all binaries has o+x set). But for those of them > who have suid bit setted it became a real trouble. > > With best regards, > Anton Popov > > > От: Jacob Kroon [jacob.kr...@gmail.com] > Отправлено: 7 мая 2019 г. 8:04 > Кому: Popov Anton > Копия: openembedded-core@lists.openembedded.org > Тема: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries > in resulting image > > Hi, > Are we sure this is not caused by the new glibc2.29/pseudo problems > that has been seen previously ? > Which distro are you building on, and which version of poky/oe are you > using ? > /Jacob > > On Mon, May 6, 2019 at 5:46 PM Popov Anton > wrote: > > > > util-linux source produce some binaries with setuid bit set > > > > do_install function produce binaries in /sbin and /bin with uid:gid > > of user who build image this lead to messages like this: > > mount /dev/sdb1 /mnt/flash > > mount: only root can do that (effective UID is 1000) > > this patch changing owner of binaries in /bin and /sbin to 0:0 > > > > Signed-off-by: Anton Popov > > --- > > meta/recipes-core/util-linux/util-linux.inc | 21 + > > 1 file changed, 21 insertions(+) > > > > diff --git a/meta/recipes-core/util-linux/util-linux.inc > b/meta/recipes-core/util-linux/util-linux.inc > > index 34255a2dec..d75a2dd399 100644 > > --- a/meta/recipes-core/util-linux/util-linux.inc > > +++ b/meta/recipes-core/util-linux/util-linux.inc > > @@ -201,6 +201,27 @@ do_install () { > > fi > > } > > > > +# when building yocto image with non-root user some binaries appears in > resulting > > +# image with rights of user who build image. This behaviour may lead to > misfunction > > +# of some binaries like mount because of setuid bit on them: > > +# mount /dev/sdb1 /mnt/flash > > +# mount: only root can do that (effective UID is 1000) > > +# ls -ld which mount > > +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount > -> /bin/mount.util-linux ># root@mitx-fp32:/mnt/system/initrd# > ls -ld /bin/mount.util-linux > # > -rwsr-xr-x1 1000 1000 28020 Apr 23 12:49 > /bin/mount.util-linux > > +do_install_append_class-target () { > > +for p in $sbinprogs $sbinprogs_a; do > > +if [ -f "${D}${base_sbindir}/$p" ]; then > > +chown 0:0 "${D}${base_sbindir}/$p" > > +fi > > +done > > +for p in $binprogs_a; do > > +if [ -f "${D}${base_bindir}/$p" ]; then > > +chown 0:0 "${D}${base_bindir}/$p" > > +fi > > +done > > +} > > + > > + > > # nologin causes a conflict with shadow-native > > # kill causes a conflict with coreutils-native (if > ${bindir}==${base_bindir}) > > do_install_append_class-native () { > > -- > > 2.20.1 > > -- > > ___ > > Openembedded-core mailing list > > Openembedded-core@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-core > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
Hi, Are we sure this is not caused by the new glibc2.29/pseudo problems that has been seen previously ? Which distro are you building on, and which version of poky/oe are you using ? /Jacob On Mon, May 6, 2019 at 5:46 PM Popov Anton wrote: > > util-linux source produce some binaries with setuid bit set > > do_install function produce binaries in /sbin and /bin with uid:gid > of user who build image this lead to messages like this: > mount /dev/sdb1 /mnt/flash > mount: only root can do that (effective UID is 1000) > this patch changing owner of binaries in /bin and /sbin to 0:0 > > Signed-off-by: Anton Popov > --- > meta/recipes-core/util-linux/util-linux.inc | 21 + > 1 file changed, 21 insertions(+) > > diff --git a/meta/recipes-core/util-linux/util-linux.inc > b/meta/recipes-core/util-linux/util-linux.inc > index 34255a2dec..d75a2dd399 100644 > --- a/meta/recipes-core/util-linux/util-linux.inc > +++ b/meta/recipes-core/util-linux/util-linux.inc > @@ -201,6 +201,27 @@ do_install () { > fi > } > > +# when building yocto image with non-root user some binaries appears in > resulting > +# image with rights of user who build image. This behaviour may lead to > misfunction > +# of some binaries like mount because of setuid bit on them: > +# mount /dev/sdb1 /mnt/flash > +# mount: only root can do that (effective UID is 1000) > +# ls -ld which mount > +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount -> > /bin/mount.util-linux > # root@mitx-fp32:/mnt/system/initrd# ls -ld > /bin/mount.util-linux ># -rwsr-xr-x1 > 1000 1000 28020 Apr 23 12:49 /bin/mount.util-linux > +do_install_append_class-target () { > +for p in $sbinprogs $sbinprogs_a; do > +if [ -f "${D}${base_sbindir}/$p" ]; then > +chown 0:0 "${D}${base_sbindir}/$p" > +fi > +done > +for p in $binprogs_a; do > +if [ -f "${D}${base_bindir}/$p" ]; then > +chown 0:0 "${D}${base_bindir}/$p" > +fi > +done > +} > + > + > # nologin causes a conflict with shadow-native > # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir}) > do_install_append_class-native () { > -- > 2.20.1 > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image
util-linux source produce some binaries with setuid bit set do_install function produce binaries in /sbin and /bin with uid:gid of user who build image this lead to messages like this: mount /dev/sdb1 /mnt/flash mount: only root can do that (effective UID is 1000) this patch changing owner of binaries in /bin and /sbin to 0:0 Signed-off-by: Anton Popov --- meta/recipes-core/util-linux/util-linux.inc | 21 + 1 file changed, 21 insertions(+) diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index 34255a2dec..d75a2dd399 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -201,6 +201,27 @@ do_install () { fi } +# when building yocto image with non-root user some binaries appears in resulting +# image with rights of user who build image. This behaviour may lead to misfunction +# of some binaries like mount because of setuid bit on them: +# mount /dev/sdb1 /mnt/flash +# mount: only root can do that (effective UID is 1000) +# ls -ld which mount +# lrwxrwxrwx1 root root21 Jan 2 1970 /bin/mount -> /bin/mount.util-linux # root@mitx-fp32:/mnt/system/initrd# ls -ld /bin/mount.util-linux # -rwsr-xr-x1 1000 1000 28020 Apr 23 12:49 /bin/mount.util-linux +do_install_append_class-target () { +for p in $sbinprogs $sbinprogs_a; do +if [ -f "${D}${base_sbindir}/$p" ]; then +chown 0:0 "${D}${base_sbindir}/$p" +fi +done +for p in $binprogs_a; do +if [ -f "${D}${base_bindir}/$p" ]; then +chown 0:0 "${D}${base_bindir}/$p" +fi +done +} + + # nologin causes a conflict with shadow-native # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir}) do_install_append_class-native () { -- 2.20.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core