From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [Buildroot PATCH Selinux v10 05/11] busybox: applets as individual binaries
Date: Tue, 23 Feb 2016 22:47:48 +0100 [thread overview]
Message-ID: <20160223224748.05d575d8@free-electrons.com> (raw)
In-Reply-To: <1455603506-26138-5-git-send-email-niranjan.reddy@rockwellcollins.com>
Hello,
On Tue, 16 Feb 2016 11:48:20 +0530, Niranjan Reddy wrote:
> +ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
> +define BUSYBOX_PERMISSIONS
> + /usr/share/udhcpc/default.script f 755 0 0 - - - - -
> +endef
> +
> +# Set permissions on all applets with BB_SUID_REQUIRE and BB_SUID_MAYBE. The
> +# permissions are pulled from the applets.h file that is generated during
> +# the build and used to determine all of the possible applets. The permissions
> +# file is generated and added to the list of device tables used by makedevs to
> +# set file permissions.
> +define BUSYBOX_MAKEDEV_PERMISSIONS
> + if [ -f $(@D)/.buildroot_permissions ]; then \
> + rm $(@D)/.buildroot_permissions; \
> + fi; \
> + touch $(@D)/.buildroot_permissions; \
> + for app in `grep -r -e "APPLET.*BB_SUID_REQUIRE\|APPLET.*BB_SUID_MAYBE" $(@D)/include/applets.h \
> + | sed -e 's/,.*//' -e 's/.*(//'`; \
> + do \
> + temp=`grep -w $${app} $(@D)/busybox.links`; \
> + if [ -n "$${temp}" ]; then \
> + echo "$${temp} f 4755 0 0 - - - - -" >> $(@D)/.buildroot_permissions; \
> + fi; \
> + done
> +endef
> +BUSYBOX_POST_INSTALL_TARGET_HOOKS += BUSYBOX_MAKEDEV_PERMISSIONS
> +BR2_ROOTFS_DEVICE_TABLE += $(BUSYBOX_DIR)/.buildroot_permissions
> +else
I already said it in previous reviews, but I really don't like this. I
don't like that you're appending directly to BR2_ROOTFS_DEVICE_TABLE,
and I don't like the complicated logic.
There are 6 applets with BB_SUID_REQUIRE, and 6 applets with
BB_SUID_MAYBE. So I would prefer to have:
define BUSYBOX_PERMISSIONS
/bin/ping f f4755 0 0 - - - - -
...
endef
for all 12 applets. The issue you will probably encounter is that
makedevs will fail if you specify a file that doesn't exist. My
proposal to solve this (I'm Cc'ing Yann here to get his opinion) is to
add a marker or flag to tell makedevs "don't fail if the file doesn't
exist". Maybe:
-/bin/ping
or something like this.
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
next prev parent reply other threads:[~2016-02-23 21:47 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-16 6:18 [Buildroot] [Buildroot PATCH Selinux v10 01/11] dbus: selinux file context support Niranjan Reddy
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 02/11] linux-pam: selinux audit dependencies Niranjan Reddy
2016-02-23 21:29 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 03/11] linux-pam: selinux system auth Niranjan Reddy
2016-02-23 21:31 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 04/11] linux-pam: selinux host dependencies Niranjan Reddy
2016-02-23 21:36 ` Thomas Petazzoni
2016-02-26 6:58 ` Niranjan Reddy
2016-02-26 8:17 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 05/11] busybox: applets as individual binaries Niranjan Reddy
2016-02-23 21:47 ` Thomas Petazzoni [this message]
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 06/11] policycoreutils: new package Niranjan Reddy
2016-02-23 22:03 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 07/11] qemu x86 selinux: base br defconfig Niranjan Reddy
2016-02-23 21:55 ` Thomas Petazzoni
2016-03-01 6:43 ` Niranjan Reddy
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 08/11] refpolicy: new package Niranjan Reddy
2016-02-23 22:25 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 09/11] python-pyparsing: Add host build option Niranjan Reddy
2016-02-23 21:50 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 10/11] util-linux: selinux, audit, and pam support Niranjan Reddy
2016-02-23 22:07 ` Thomas Petazzoni
2016-02-16 6:18 ` [Buildroot] [Buildroot PATCH Selinux v10 11/11] qemu x86 selinux: added common selinux support files Niranjan Reddy
2016-02-23 21:25 ` [Buildroot] [Buildroot PATCH Selinux v10 01/11] dbus: selinux file context support Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160223224748.05d575d8@free-electrons.com \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.