From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v4 16/20] busybox: add option to install individual binaries
Date: Sun, 15 Dec 2013 17:10:59 +0100
Message-ID: <20131215171059.767cfd8b@skate>
In-Reply-To: <52AA4069.3000707@mind.be>
Dear Arnout Vandecappelle,
On Fri, 13 Dec 2013 00:02:01 +0100, Arnout Vandecappelle wrote:
> >
> > +config BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES
> > + bool "Individual binaries"
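Review bot: the new BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES entry stops at the bool prompt, with no help text and no dependency line. Add a help block saying what the option changes (each applet installed as its own binary) and, since those binaries are dynamically linked against libbusybox, a "depends on !BR2_PREFER_STATIC".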
>
> This really lacks some help text, even I had no idea what it meant
> at first. I guess the text from busybox can just be reused - though
> for SELinux there's obviously a different reason.
In fact, the patches from me in this series were not really meant to be
sent to the list. They are proof-of-concept patches that I did to help
Clayton, but some more work was needed before they could be submitted for
real.
> If your CPU architecture doesn't allow for sharing
> text/rodata sections of running binaries, but allows for runtime
> dynamic libraries, this option will allow you to reduce memory
> footprint when you have many different applets running at once.
>
> If your CPU architecture allows for sharing text/rodata,
> having single binary is more optimal.
>
> Each applet will be a tiny program, dynamically linked
> against libbusybox.so.N.N.N.
>
> You need to have a working dynamic linker.
In the context of SELinux, it's because SELinux can only apply
different security policies to the various applets if they use
different binaries.
> That last sentence makes me think that we're missing a depends on
> !BR2_PREFER_STATIC here.
Indeed.
Also, I am not sure we want to show this option in the top-level
package menuconfig. So, we can either:
* Have a sub-menu for Busybox customization options
* Make this behavior automatic whenever SELinux support is enabled,
and only in this case
> > +ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
> > +define BUSYBOX_PERMISSIONS
> > +/usr/share/udhcpc/default.script f 755 0 0 - - - - -
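Review bot: in the BUSYBOX_PERMISSIONS definition for the individual-binaries case, the only entry is /usr/share/udhcpc/default.script at mode 755, so nothing in this table gives any applet binary the setuid bit. If login, passwd or su are expected to work for non-root users, list those binaries here explicitly with their setuid mode; with one binary per applet the bit can be limited to the applets that need it.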
>
> Isn't setuid root needed anymore for /bin/login? Same for passwd,
> su, probably others...
Most likely yes. I have been able to log into the system with this
patch, though.
> > +define BUSYBOX_INSTALL_INDIVIDUAL_BINARIES
> > + for i in `find -L $(TARGET_DIR) -xtype l -samefile
> > $(TARGET_DIR)/bin/busybox` ; do \
> > + $(INSTALL) -D -m 0755 $(@D)/0_lib/`basename $$i`
> > $$i ; \
> > + done
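Review bot: the for loop in BUSYBOX_INSTALL_INDIVIDUAL_BINARIES does not check the result of $(INSTALL), so the recipe's exit status is that of the last iteration and an applet whose file is missing from $(@D)/0_lib stays a symlink to busybox without failing the build. Append "|| exit 1" to the $(INSTALL) line; iterating over the backquoted find output also splits on whitespace in paths, which a "find ... | while read" loop avoids.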
>
> Icky, perhaps it's better to make an upstreamable patch that fixes
> the Makefile so it properly installs the binaries if
> INDIVIDUAL_BINARIES is selected?
Yeah, could be interesting indeed.
Thanks for your comments,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
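
A post-build check for the point made in the message above, that SELinux can only apply different policies to applets that are different binaries. This is an added example, not code from the thread or from Buildroot; the function name shared_applets is hypothetical, and it assumes applet symlinks are relative so that they resolve inside the target directory.

```shell
#!/bin/sh
# Added example: list the paths under a target root that are still
# symlinks to bin/busybox. Such applets execute the one shared busybox
# file, so they cannot be given a policy of their own.
#
# Usage: shared_applets TARGET_DIR
# Prints one path per line, relative to TARGET_DIR, sorted.
# Returns 2 if TARGET_DIR/bin/busybox does not exist.
shared_applets() {
    root=$1
    bb="$root/bin/busybox"
    [ -e "$bb" ] || return 2

    find "$root" -type l | while IFS= read -r link; do
        # -ef is true when both names resolve to the same device and inode,
        # i.e. the symlink ends up at the busybox binary.
        if [ "$link" -ef "$bb" ]; then
            printf '%s\n' "${link#"$root"}"
        fi
    done | sort
}
```

An empty result means every applet that used to point at busybox is now a file of its own.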