From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [ PATCH v4 16/20] busybox: add option to install individual binaries
Date: Sun, 15 Dec 2013 17:10:59 +0100
Message-ID: <20131215171059.767cfd8b@skate>
In-Reply-To: <52AA4069.3000707@mind.be>
Dear Arnout Vandecappelle,
On Fri, 13 Dec 2013 00:02:01 +0100, Arnout Vandecappelle wrote:
> >
> > +config BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES
> > + bool "Individual binaries"
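Review bot: the new BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES entry has a prompt but no help block, and the prompt "Individual binaries" alone does not say why one would enable it. Add help text stating that each applet becomes its own dynamically linked binary so that SELinux can apply a separate policy per applet, and express the dynamic-linking requirement as a dependency instead of leaving it to the reader.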
>
> This really lacks some help text, even I had no idea what it meant
> at first. I guess the text from busybox can just be reused - though
> for SELinux there's obviously a different reason.
In fact, the patches from me in this series were not really meant to be
sent to the list. They are proof-of-concept patches that I did to help
Clayton, but some more work was needed before they could be submitted for
real.
> If your CPU architecture doesn't allow for sharing
> text/rodata sections of running binaries, but allows for runtime
> dynamic libraries, this option will allow you to reduce memory
> footprint when you have many different applets running at once.
>
> If your CPU architecture allows for sharing text/rodata,
> having single binary is more optimal.
>
> Each applet will be a tiny program, dynamically linked
> against libbusybox.so.N.N.N.
>
> You need to have a working dynamic linker.
In the context of SELinux, it's because SELinux can only apply
different security policies to the various applets if they use
different binaries.
> That last sentence makes me think that we're missing a depends on
> !BR2_PREFER_STATIC here.
Indeed.
Also, I am not sure we want to show this option in the top-level
package menuconfig. So, we can either:
* Have a sub-menu for Busybox customization options
* Make this behavior automatic whenever SELinux support is enabled,
and only in this case
> > +ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
> > +define BUSYBOX_PERMISSIONS
> > +/usr/share/udhcpc/default.script f 755 0 0 - - - - -
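Review bot: inside the INDIVIDUAL_BINARIES branch, the visible BUSYBOX_PERMISSIONS entry covers only /usr/share/udhcpc/default.script at mode 755, so no installed applet receives a setuid bit from this table. If login, passwd or su must run with root privileges for unprivileged callers, add explicit entries for just those paths; with separate binaries the bit can be limited to the applets that need it.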
>
> Isn't setuid root needed anymore for /bin/login? Same for passwd,
> su, probably others...
Most likely yes. I have been able to log into the system with this
patch, though.
> > +define BUSYBOX_INSTALL_INDIVIDUAL_BINARIES
> > + for i in `find -L $(TARGET_DIR) -xtype l -samefile
> > $(TARGET_DIR)/bin/busybox` ; do \
> > + $(INSTALL) -D -m 0755 $(@D)/0_lib/`basename $$i`
> > $$i ; \
> > + done
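Review bot: in the BUSYBOX_INSTALL_INDIVIDUAL_BINARIES loop the exit status of $(INSTALL) is never checked, so a missing $(@D)/0_lib/<applet> file is ignored unless it happens on the last iteration, and that applet silently stays a symlink to the shared busybox binary. End the install command with `|| exit 1`. The backtick `find` output is also word-split by the shell, so a path containing whitespace would break the loop, and `-m 0755` is applied to every applet without exception, which is worth stating in a comment next to the permission table.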
>
> Icky, perhaps it's better to make an upstreamable patch that fixes
> the Makefile so it properly installs the binaries if
> INDIVIDUAL_BINARIES is selected?
Yeah, could be interesting indeed.
Thanks for your comments,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
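Added example, not part of the original message and not Buildroot code: a shell check over a staged root filesystem for the two points discussed above, namely which applets still resolve to the shared busybox binary (and so cannot get their own SELinux policy) and what mode login, passwd and su ended up with. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a staged rootfs after an "individual binaries" install.
# Function names and the sample tree are illustrative, not Buildroot's.

# Symlinks that still resolve to <root>/bin/busybox. Every one of them
# executes the same file, so SELinux cannot tell these applets apart.
# Same intent as the find expression in the quoted patch, written with
# `test -ef` so it does not depend on GNU find.
shared_applets() {
    find "$1" -type l | sort | while IFS= read -r p; do
        if [ "$p" -ef "$1/bin/busybox" ]; then echo "$p"; fi
    done
}

# Mode report for the applets named in the review (login, passwd, su):
# prints "<path> symlink", "<path> setuid" or "<path> no-setuid".
privileged_applet_modes() {
    for name in login passwd su; do
        find "$1" -name "$name" \( -type f -o -type l \) | sort |
        while IFS= read -r p; do
            if [ -L "$p" ]; then echo "$p symlink"
            elif [ -u "$p" ]; then echo "$p setuid"
            else echo "$p no-setuid"
            fi
        done
    done
}

# Constructed sample tree: two applets left as symlinks, login installed
# as a plain 0755 binary, su installed with the setuid bit.
make_sample_rootfs() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/usr/bin"
    printf 'multi-call\n' > "$root/bin/busybox"
    ln -s busybox "$root/bin/ls"
    ln -s ../../bin/busybox "$root/usr/bin/wget"
    printf 'login\n' > "$root/bin/login"; chmod 0755 "$root/bin/login"
    printf 'su\n' > "$root/bin/su"; chmod 4755 "$root/bin/su"
    echo "$root"
}

# Usage: sh audit.sh /path/to/target  (prints both reports)
if [ "$#" -gt 0 ]; then
    shared_applets "$1"
    privileged_applet_modes "$1"
fi
```

An empty first report means every applet has its own file; the second report shows at a glance whether the 0755 install left any of the three applets without the setuid bit.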