Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Hello Team ,
I am trying to set extended attributes using below post inst . I am able to
preserve the setcap and smack attributes in the ext4 image. However, I am
getting "Invalid argument " when I run getfacl/setfacl in qemu target . As said
earlier all the 3 attributes are seen using devshell in the rootfs folder.
pkg_postinst_${PN}() {
setfacl -m u:user2:r-- $D${bindir}/helloworld
setcap cap_net_raw+ep $D${bindir}/helloworld
chsmack -a "helloWorldAccessLabel" -e "helloWorldExecuteLabel"
$D${bindir}/helloworld
}
When I was using " e2fsprogs_1.42.9.bb the POSIX caps and smack rules were not
getting preserved but acl attributes were getting preserved now opposite is
happening .
@Joshua/Team
Can somebody help here ? This is bit urgent and I have been struggling for
quite some time.
Note :I have set the inode size to be 256 while creating the ext4 image.
Thanks and REgads
Shrawan
-Original Message-
From: yocto-boun...@yoctoproject.org [mailto:yocto-boun...@yoctoproject.org] On
Behalf Of Kumar, Shrawan
Sent: Thursday, October 27, 2016 6:26 PM
To: Joshua G Lock; yocto@yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
Hello All,
Further update on this issue , migrated to "e2fsprogs_1.43.bb" from
"e2fsprogs_1.42.9.bb" . It is observed that the ACL permission set are visible
on dev-shell but when qemu is launched we get below error :
root@qemux86:#getfacl /usr/bin/helloworld
getfacl: /usr/bin/helloworld: Invalid argument
Also,
root@qemux86:# setfacl -m u:user2:r-- /usr/bin/helloworld
setfacl: /usr/bin/helloworld: Invalid argument
Thanks and Regards
Shrawan
-Original Message-
From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
Sent: Friday, August 12, 2016 7:22 PM
To: Kumar, Shrawan; yocto@yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file: helloworld #
> owner: user1 # group: group1 user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to preserve
xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly dpkg
and rpm) don't have any support for xattrs in packages (an image is populated
via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL is to use
a postinst[2] to set the attributes after the package has been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Hello All,
Further update on this issue , migrated to "e2fsprogs_1.43.bb" from
"e2fsprogs_1.42.9.bb" . It is observed that the ACL permission set are visible
on dev-shell but when qemu is launched we get below error :
root@qemux86:#getfacl /usr/bin/helloworld
getfacl: /usr/bin/helloworld: Invalid argument
Also,
root@qemux86:# setfacl -m u:user2:r-- /usr/bin/helloworld
setfacl: /usr/bin/helloworld: Invalid argument
Is this known and fixed already ?
Google shows that similar observations are seen , are they related ?
https://www.suse.com/support/kb/doc?id=7003064
https://bbs.archlinux.org/viewtopic.php?id=211463
https://access.redhat.com/solutions/752523
Thanks and Regards
Shrawan
-Original Message-
From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
Sent: Friday, August 12, 2016 7:22 PM
To: Kumar, Shrawan; yocto@yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file: helloworld #
> owner: user1 # group: group1 user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to preserve
xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly dpkg
and rpm) don't have any support for xattrs in packages (an image is populated
via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL is to use
a postinst[2] to set the attributes after the package has been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
On Wed, 2016-08-17 at 04:47 +, Kumar, Shrawan wrote:
> Hello Joshua,
>
> We did not want bins like setfacl,setcap,chsmack etc.. to be kept on
> target .
Understandable.
>
> - wanted to understand "how does this postscript gets copied to
> target and at which path"?
Any postinsts which fail to run at image creation time will be saved
into a package-manager prefixed directory of sysconfdir (i.e. /etc/rpm-
postinsts) by the rootfs construction routine.
> - I will have multiple recipe that will have this postscript to set
> respective packages bin's "acl" permissions and "smack" rules. Is it
> possible that after executing all the post script from all the
> recipes , I shall be able to uninstall the acl and smack rpms ? Same
> applies for "setcap" rpms.
It's possible, though I'd wager on a system where you don't want to
include setfacl and friends you probably don't want to keep a package
manager either? Could get messy.
> - Do you have near plan to fix these :) ?
It appears to be related to running under pseudo:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10158
I don't have a concrete plan or timeframe for fixing this issue at this
time, I'm afraid. You can watch the bug for updates as it should be
triaged in the YP triage meeting tomorrow and that will influence the
schedule.
Regards,
Joshua
>
>
> Thanks and Regards
> Shrawan
>
> -Original Message-
> From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
> Sent: Wednesday, August 17, 2016 1:22 AM
> To: Kumar, Shrawan; yocto@yoctoproject.org
> Subject: Re: [yocto] Access Control List (ACL) permissions attributes
> not getting preserved in rootfs
>
> On Tue, 2016-08-16 at 11:55 +, Kumar, Shrawan wrote:
> >
> > Thanks Joshua,
> >
> > "postinst" works!! I could see the attributes set under
> > "poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> > minimal/1.0-r0/rootfs/".
> >
> > However, I still could not see the attributes after booting qemu.
> > It
> > seems during rootfs.ext4 (mkfs.ext4 command )creation when
> > "create_image_ext4.sh" is called , again this is getting lost.
> >
> > Any idea on this ?
>
>
> I'm not sure why the attribute isn't preserved in the image, it could
> be a another missing piece for me to track in the quest to better
> support xattr.
>
> There is a way to work around it, though — you can force the postinst
> to be run on the target at first boot, as documented in that same
> manual section. For example I have a test recipe with:
>
> 8<snip
>
> pkg_postinst_${PN}() {
> chown foo:foo $D${datadir}/xattrtest/xattrtest
> # Force setfacl to run on the target, not at image creation
> if [ x"$D" = "x" ]; then
> setfacl -m u:bar:r-- $D${datadir}/xattrtest/xattrtest
> else
> exit 1
> fi
> }
>
> USERADD_PACKAGES = "${PN}"
> USERADD_PARAM_${PN} = "-m foo;-m bar"
> RDEPENDS_${PN} += "acl"
>
> 8<snip
>
> which results in:
>
> $ getfacl /usr/share/xattrtest/xattrtest
> getfacl: Removing leading '/' from absolute path names # file
> /usr/share/xattrtest/xattrtest # owner: foo # group: foo
> user::rw-
> user:bar:r--
> group::r--
> mask::r--
> other::r--
>
> The downside here is that your image has to include postinst support
> and the acl package (per the RDEPENDS_${PN} line in the snippet
> above).
>
> Regards,
>
> Joshua
>
> >
> >
> > Regards
> > Shrawan
> >
> >
> >
> >
> >
> > -Original Message-
> > From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
> > Sent: Friday, August 12, 2016 7:22 PM
> > To: Kumar, Shrawan; yocto@yoctoproject.org
> > Subject: Re: [yocto] Access Control List (ACL) permissions
> > attributes
> > not getting preserved in rootfs
> >
> > On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> > >
> > >
> > > Hello All,
> > >
> > > I am using poky “ jethro” , and though one of my recipe, I
> > > have
> > > created user1 & user2 and then trying to set ACL rules on
> > > “helloworld” bin as below :
> > >
> > >
> > > do_install() {
> > > install -d ${D}${bindir}
> > > install -m 0700 helloworld ${D}${bindir}
> > > install -d ${D}/lib/systemd/system
> > > install -m 0700 hello.service
> > > $
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Hello Joshua,
We did not want bins like setfacl,setcap,chsmack etc.. to be kept on target .
- wanted to understand "how does this postscript gets copied to target and at
which path"?
- I will have multiple recipe that will have this postscript to set respective
packages bin's "acl" permissions and "smack" rules. Is it possible that after
executing all the post script from all the recipes , I shall be able to
uninstall the acl and smack rpms ? Same applies for "setcap" rpms.
- Do you have near plan to fix these :) ?
Thanks and Regards
Shrawan
-Original Message-
From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
Sent: Wednesday, August 17, 2016 1:22 AM
To: Kumar, Shrawan; yocto@yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
On Tue, 2016-08-16 at 11:55 +, Kumar, Shrawan wrote:
> Thanks Joshua,
>
> "postinst" works!! I could see the attributes set under
> "poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/".
>
> However, I still could not see the attributes after booting qemu. It
> seems during rootfs.ext4 (mkfs.ext4 command )creation when
> "create_image_ext4.sh" is called , again this is getting lost.
>
> Any idea on this ?
I'm not sure why the attribute isn't preserved in the image, it could be a
another missing piece for me to track in the quest to better support xattr.
There is a way to work around it, though — you can force the postinst to be run
on the target at first boot, as documented in that same manual section. For
example I have a test recipe with:
8<snip
pkg_postinst_${PN}() {
chown foo:foo $D${datadir}/xattrtest/xattrtest
# Force setfacl to run on the target, not at image creation
if [ x"$D" = "x" ]; then
setfacl -m u:bar:r-- $D${datadir}/xattrtest/xattrtest
else
exit 1
fi
}
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-m foo;-m bar"
RDEPENDS_${PN} += "acl"
8<snip
which results in:
$ getfacl /usr/share/xattrtest/xattrtest
getfacl: Removing leading '/' from absolute path names # file
/usr/share/xattrtest/xattrtest # owner: foo # group: foo
user::rw-
user:bar:r--
group::r--
mask::r--
other::r--
The downside here is that your image has to include postinst support and the
acl package (per the RDEPENDS_${PN} line in the snippet above).
Regards,
Joshua
>
> Regards
> Shrawan
>
>
>
>
>
> -----Original Message-----
> From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
> Sent: Friday, August 12, 2016 7:22 PM
> To: Kumar, Shrawan; yocto@yoctoproject.org
> Subject: Re: [yocto] Access Control List (ACL) permissions attributes
> not getting preserved in rootfs
>
> On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> >
> > Hello All,
> >
> > I am using poky “ jethro” , and though one of my recipe, I have
> > created user1 & user2 and then trying to set ACL rules on
> > “helloworld” bin as below :
> >
> >
> > do_install() {
> > install -d ${D}${bindir}
> > install -m 0700 helloworld ${D}${bindir}
> > install -d ${D}/lib/systemd/system
> > install -m 0700 hello.service
> > ${D}/lib/systemd/system/
> > chown user1:group1 ${D}${bindir}/helloworld
> > setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
> >
> >
> > è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> > poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> > minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> > that ACL permissions are set correctly as below :
> > - # file: helloworld
> > - # owner: user1
> > - # group: group1
> > - user::rwx
> > - user:user2:r--
> > - group::---
> > - mask::r--
> > - other::---
> >
> > However, It does not seems to be getting preserved in rootfs. :
> > /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> > minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file:
> > helloworld #
> > owner: user1 # group: group1 user::rwx
> > group::---
> > other::---
> >
> > quick help here would be highly appreciated
>
> This is due to the fact that we don't currently have a mechanism to
> preserve xattr through to image construction[1].
>
> The largest barrier for doig so is that the package managers
> (certainly dpkg and
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
On Tue, 2016-08-16 at 11:55 +, Kumar, Shrawan wrote:
> Thanks Joshua,
>
> "postinst" works!! I could see the attributes set under
> "poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/".
>
> However, I still could not see the attributes after booting qemu. It
> seems during rootfs.ext4 (mkfs.ext4 command )creation when
> "create_image_ext4.sh" is called , again this is getting lost.
>
> Any idea on this ?
I'm not sure why the attribute isn't preserved in the image, it could
be a another missing piece for me to track in the quest to better
support xattr.
There is a way to work around it, though — you can force the postinst
to be run on the target at first boot, as documented in that same
manual section. For example I have a test recipe with:
8<snip
pkg_postinst_${PN}() {
chown foo:foo $D${datadir}/xattrtest/xattrtest
# Force setfacl to run on the target, not at image creation
if [ x"$D" = "x" ]; then
setfacl -m u:bar:r-- $D${datadir}/xattrtest/xattrtest
else
exit 1
fi
}
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-m foo;-m bar"
RDEPENDS_${PN} += "acl"
8<snip
which results in:
$ getfacl /usr/share/xattrtest/xattrtest
getfacl: Removing leading '/' from absolute path names
# file /usr/share/xattrtest/xattrtest
# owner: foo
# group: foo
user::rw-
user:bar:r--
group::r--
mask::r--
other::r--
The downside here is that your image has to include postinst support
and the acl package (per the RDEPENDS_${PN} line in the snippet above).
Regards,
Joshua
>
> Regards
> Shrawan
>
>
>
>
>
> -Original Message-
> From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
> Sent: Friday, August 12, 2016 7:22 PM
> To: Kumar, Shrawan; yocto@yoctoproject.org
> Subject: Re: [yocto] Access Control List (ACL) permissions attributes
> not getting preserved in rootfs
>
> On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> >
> > Hello All,
> >
> > I am using poky “ jethro” , and though one of my recipe, I
> > have
> > created user1 & user2 and then trying to set ACL rules on
> > “helloworld” bin as below :
> >
> >
> > do_install() {
> > install -d ${D}${bindir}
> > install -m 0700 helloworld ${D}${bindir}
> > install -d ${D}/lib/systemd/system
> > install -m 0700 hello.service
> > ${D}/lib/systemd/system/
> > chown user1:group1 ${D}${bindir}/helloworld
> > setfacl -m u:user2:r-- ${D}${bindir}/helloworld
> > }
> >
> >
> > è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> > poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> > minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> > that ACL permissions are set correctly as below :
> > - # file: helloworld
> > - # owner: user1
> > - # group: group1
> > - user::rwx
> > - user:user2:r--
> > - group::---
> > - mask::r--
> > - other::---
> >
> > However, It does not seems to be getting preserved in rootfs. :
> > /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> > minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file:
> > helloworld #
> > owner: user1 # group: group1 user::rwx
> > group::---
> > other::---
> >
> > quick help here would be highly appreciated
>
> This is due to the fact that we don't currently have a mechanism to
> preserve xattr through to image construction[1].
>
> The largest barrier for doig so is that the package managers
> (certainly dpkg and rpm) don't have any support for xattrs in
> packages (an image is populated via the package manager).
>
> To the best of my knowledge the only option for adding some xattr/ACL
> is to use a postinst[2] to set the attributes after the package has
> been installed.
>
> Regards,
>
> Joshua
>
> 1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
> 2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#ne
> w-
> recipe-post-installation-scripts
>
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Thanks Joshua,
"postinst" works!! I could see the attributes set under
"poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/rootfs/".
However, I still could not see the attributes after booting qemu. It seems
during rootfs.ext4 (mkfs.ext4 command )creation when "create_image_ext4.sh" is
called , again this is getting lost.
Any idea on this ?
Regards
Shrawan
-Original Message-
From: Joshua G Lock [mailto:joshua.g.l...@linux.intel.com]
Sent: Friday, August 12, 2016 7:22 PM
To: Kumar, Shrawan; yocto@yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file: helloworld #
> owner: user1 # group: group1 user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to preserve
xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly dpkg
and rpm) don't have any support for xattrs in packages (an image is populated
via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL is to use
a postinst[2] to set the attributes after the package has been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld
> }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld
> # file: helloworld
> # owner: user1
> # group: group1
> user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to
preserve xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly
dpkg and rpm) don't have any support for xattrs in packages (an image
is populated via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL
is to use a postinst[2] to set the attributes after the package has
been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
[yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Hello All,
I am using poky " jethro" , and though one of my recipe, I have created
user1 & user2 and then trying to set ACL rules on "helloworld" bin as below :
do_install() {
install -d ${D}${bindir}
install -m 0700 helloworld ${D}${bindir}
install -d ${D}/lib/systemd/system
install -m 0700 hello.service ${D}/lib/systemd/system/
chownuser1:group1 ${D}${bindir}/helloworld
setfacl -m u:user2:r-- ${D}${bindir}/helloworld
}
è When I see on the devshell ( bitbake HelloWorld -c devshell) :
poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/rootfs/usr/bin#
getfacl helloworld, I could see that ACL permissions are set correctly as
below :
-# file: helloworld
-# owner: user1
-# group: group1
-user::rwx
-user:user2:r--
-group::---
-mask::r--
-other::---
However, It does not seems to be getting preserved in rootfs. :
/poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/rootfs/usr/bin#
getfacl helloworld
# file: helloworld
# owner: user1
# group: group1
user::rwx
group::---
other::---
quick help here would be highly appreciated
Thanks & Regards
Shrawan
--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
