From: "Peter A. Bigot" <pab@pabigot.com>
To: Paul Eggleton <paul.eggleton@linux.intel.com>,
	 openembedded-core@lists.openembedded.org
Subject: Re: dbus build host uid/gid leaking into target home directory
Date: Mon, 13 Oct 2014 07:00:30 -0500
Message-ID: <543BBEDE.20103@pabigot.com>
In-Reply-To: <2427853.ctRZJaqR28@peggleto-mobl5.ger.corp.intel.com>

On 10/13/2014 04:13 AM, Paul Eggleton wrote:
> On Sunday 12 October 2014 16:05:41 Peter A. Bigot wrote:
>> On 10/11/2014 12:16 PM, Peter A. Bigot wrote:
>>> Back at
>>> http://lists.openembedded.org/pipermail/openembedded-core/2011-December/053836.html
>>> it was noted that the dbus home directory /var/lib/dbus on the
>>> target was using the build host uid/gid.  Various discussion agreed this
>>> shouldn't happen, but there was no resolution in the thread.
>>>
>>> I found https://bugzilla.yoctoproject.org/show_bug.cgi?id=1711 which
>>> is marked fixed, but on a newly installed system I find:
>>>
>>> root@beaglebone:~# ls -l /var/lib
>>> total 52
>>> drwxr-xr-x 2 root root 4096 Oct 11  2014 alsa
>>> drwxr-xr-x 2 root root 4096 Oct 11  2014 arpd
>>> drwxr-xr-x 2 root root 4096 Oct 11 12:30 connman
>>> drwxr-xr-x 2  102  105 4096 Oct 11  2014 dbus
>>>
>>> where the dbus uid/gid is from my host system as shown by:
>>>
>>> root@beaglebone:~# grep dbus /etc/passwd
>>> messagebus:x:999:998::/var/lib/dbus:/bin/false
>>> llc[140]$ grep dbus /etc/passwd
>>> messagebus:x:102:105::/var/run/dbus:/bin/false
>> Pilot error.  This ultimately turned out to be a side-effect of the way
>> I create my image media: I was unpacking the rootfs tar file onto a mounted
>> sdcard outside the pseudo environment and forgot that tar records
>> user/group by name not uid/gid.
> I used to use this method previously, and I guess it can still work if you're
> not including certain packages in your image - but I wonder if we should note
> this potential pitfall somewhere in the documentation. I'm not entirely sure
> where such a note would go, though.

Possibly in the section on wic or anything that describes image building,
since I expect wic doesn't have this issue.  I haven't used kickstart 
for years but really liked the approach when I did, so I'll be switching 
to wic next time I'm actively working OE. Arguably the classic 
tar/cpio/non-fs rootfs images are fragile unless there's a way to unpack 
them onto runtime media that preserves the name/id mappings defined 
within the image itself.

Peter
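
An added example, not part of the original message: a pre-flight check for the pitfall discussed in this thread. It lists archive members whose owner would change if the rootfs tar were unpacked as root with name-based owner lookup, which is what GNU tar does unless `--numeric-owner` is given. The function names, the sample archive and the host `messagebus` group entry are constructed for illustration.

```python
import io
import tarfile

def id_map(text):
    """Parse passwd(5)/group(5) text into {name: numeric id} (third field)."""
    ids = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            ids[fields[0]] = int(fields[2])
    return ids

def remapped_members(tar_bytes, host_passwd, host_group):
    """List (path, (uid, gid) in archive, (uid, gid) after by-name lookup)."""
    users, groups = id_map(host_passwd), id_map(host_group)
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar:
            # By-name extraction as root prefers the host's id for the recorded
            # name and falls back to the numeric id when the name is unknown.
            uid = users.get(m.uname, m.uid)
            gid = groups.get(m.gname, m.gid)
            if (uid, gid) != (m.uid, m.gid):
                hits.append((m.name, (m.uid, m.gid), (uid, gid)))
    return hits

def sample_rootfs():
    """Constructed archive: ids follow the target passwd line quoted in the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, uname, gname, uid, gid in [
            ("var/lib/alsa", "root", "root", 0, 0),
            ("var/lib/dbus", "messagebus", "messagebus", 999, 998),
        ]:
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = 0o755
            info.uname, info.gname, info.uid, info.gid = uname, gname, uid, gid
            tar.addfile(info)
    return buf.getvalue()

# Constructed host databases: messagebus is 102:105 on the build host, as in
# the thread; the group name "messagebus" is an assumption.
HOST_PASSWD = "root:x:0:0:root:/root:/bin/bash\nmessagebus:x:102:105::/var/run/dbus:/bin/false\n"
HOST_GROUP = "root:x:0:\nmessagebus:x:105:\n"

if __name__ == "__main__":
    for path, image_ids, disk_ids in remapped_members(sample_rootfs(), HOST_PASSWD, HOST_GROUP):
        print(f"{path}: image {image_ids} -> on disk {disk_ids}")
```

An empty result means a by-name extraction on that host would leave every owner as recorded in the image.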

