From: "Peter A. Bigot" <pab@pabigot.com>
To: openembedded-core@lists.openembedded.org
Subject: Re: dbus build host uid/gid leaking into target home directory
Date: Sun, 12 Oct 2014 16:05:41 -0500 [thread overview]
Message-ID: <543AED25.7070201@pabigot.com> (raw)
In-Reply-To: <543965E7.3040806@pabigot.com>
On 10/11/2014 12:16 PM, Peter A. Bigot wrote:
> Back at
> http://lists.openembedded.org/pipermail/openembedded-core/2011-December/053836.html
> it was noted that the dbus home directory /var/lib/dbus on the target
> was using the build host uid/gid. Various discussion agreed this
> shouldn't happen, but there was no resolution in the thread.
>
> I found https://bugzilla.yoctoproject.org/show_bug.cgi?id=1711 which
> is marked fixed, but on a newly installed system I find:
>
> root@beaglebone:~# ls -l /var/lib
> total 52
> drwxr-xr-x 2 root root 4096 Oct 11 2014 alsa
> drwxr-xr-x 2 root root 4096 Oct 11 2014 arpd
> drwxr-xr-x 2 root root 4096 Oct 11 12:30 connman
> drwxr-xr-x 2 102 105 4096 Oct 11 2014 dbus
>
> where the dbus uid/gid is from my host system as shown by:
>
> root@beaglebone:~# grep dbus /etc/passwd
> messagebus:x:999:998::/var/lib/dbus:/bin/false
> llc[140]$ grep dbus /etc/passwd
> messagebus:x:102:105::/var/run/dbus:/bin/false
Pilot error. This ultimately turned out to be a side-effect of the way
I create my image media: I unpacking the rootfs tar file onto a mounted
sdcard outside the pseudo environment and forgot that tar records
user/group by name not uid/gid.
Peter
> This arises in an image extending core-image-base building meta-ti's
> version of beaglebone. (I'm actually trying to fix the same problem
> arising in a patch intended to make sure ntp's home directory exists,
> but the dbus one appears to be the same thing.)
>
> The suggested workaround for opkg of using a pkg_postinst script
> doesn't work in my case because the rpm post-install script gets run
> on the build host that's creating rootfs.The ownership is wrong in the
> generated rootfs tar files whether or not there's a post-install
> script that tries to change it.
>
> For my ntp patch I verified that removing the package and installing
> it on the target does work as expected.
>
> Does anybody else see this sort of thing?
>
> If not, where in the image packaging code is the magic that's supposed
> to help pseudo record who's really supposed to own the files and
> re-apply that when the image packaging is done?
>
> Peter
next prev parent reply other threads:[~2014-10-12 21:05 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-11 17:16 dbus build host uid/gid leaking into target home directory Peter A. Bigot
2014-10-11 21:10 ` Gary Thomas
2014-10-11 23:14 ` Peter A. Bigot
2014-10-11 23:27 ` Gary Thomas
2014-10-12 6:31 ` Peter A. Bigot
2014-10-12 21:05 ` Peter A. Bigot [this message]
2014-10-13 9:13 ` Paul Eggleton
2014-10-13 12:00 ` Peter A. Bigot
2014-10-14 6:23 ` Paul Barker
2014-10-14 9:39 ` Burton, Ross
2014-10-14 9:43 ` Martin Jansa
2014-10-14 9:45 ` Martin Jansa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=543AED25.7070201@pabigot.com \
--to=pab@pabigot.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox