* [PATCH] util-linux: fix owner and group for binaries in resulting image
@ 2019-05-06 15:38 Popov Anton
  2019-05-07  5:04 ` Jacob Kroon
  0 siblings, 1 reply; 6+ messages in thread
From: Popov Anton @ 2019-05-06 15:38 UTC (permalink / raw)
  To: openembedded-core

util-linux source produces some binaries with the setuid bit set.

The do_install function produces binaries in /sbin and /bin with the uid:gid
of the user who builds the image. This leads to messages like this:
mount /dev/sdb1 /mnt/flash
mount: only root can do that (effective UID is 1000)
This patch changes the owner of binaries in /bin and /sbin to 0:0.

Signed-off-by: Anton Popov <Anton.Popov@t-platforms.ru>
---
 meta/recipes-core/util-linux/util-linux.inc | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index 34255a2dec..d75a2dd399 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -201,6 +201,27 @@ do_install () {
     fi
 }
 
+# when building yocto image with non-root user some binaries appears in resulting
+# image with rights of user who build image. This behaviour may lead to misfunction 
+# of some binaries like mount because of setuid bit on them:
+# mount /dev/sdb1 /mnt/flash                                                                                                                                         
+# mount: only root can do that (effective UID is 1000)
+# ls -ld which mount
+# lrwxrwxrwx    1 root     root            21 Jan  2  1970 /bin/mount -> /bin/mount.util-linux                                                                                       # root@mitx-fp32:/mnt/system/initrd# ls -ld /bin/mount.util-linux                                                                                                                    # -rwsr-xr-x    1 1000     1000         28020 Apr 23 12:49 /bin/mount.util-linux                                                                                                       
+do_install_append_class-target () {
+    for p in $sbinprogs $sbinprogs_a; do
+        if [ -f "${D}${base_sbindir}/$p" ]; then
+            chown 0:0 "${D}${base_sbindir}/$p"
+        fi
+    done
+    for p in $binprogs_a; do
+        if [ -f "${D}${base_bindir}/$p" ]; then
+            chown 0:0 "${D}${base_bindir}/$p"
+        fi
+    done
+}
+
+
 # nologin causes a conflict with shadow-native
 # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
 do_install_append_class-native () {
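
Review bot: the two `chown 0:0` loops in `do_install_append_class-target` correct ownership after the fact, but neither the added comment block nor the commit message says why `do_install` leaves files owned by the build user, so the change can hide a build-environment fault that would equally affect setuid files installed by other recipes. Please identify the cause first, and if a recipe-level workaround is still wanted, say so in the comment. Smaller points: the second loop iterates only `$binprogs_a` while the first covers both `$sbinprogs` and `$sbinprogs_a`; if that asymmetry is intended, note why. The comment's console output is collapsed onto one long line (the `lrwxrwxrwx ...` line) with trailing whitespace, and the hunk adds two blank lines after the closing brace where one is enough.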
-- 
2.20.1



* Re: [PATCH] util-linux: fix owner and group for binaries in resulting image
  2019-05-06 15:38 [PATCH] util-linux: fix owner and group for binaries in resulting image Popov Anton
@ 2019-05-07  5:04 ` Jacob Kroon
  2019-05-07 12:47   ` HA: " Popov Anton
  0 siblings, 1 reply; 6+ messages in thread
From: Jacob Kroon @ 2019-05-07  5:04 UTC (permalink / raw)
  To: Popov Anton; +Cc: openembedded-core

Hi,
Are we sure this is not caused by the new glibc2.29/pseudo problems
that have been seen previously?
Which distro are you building on, and which version of poky/oe are you using?
/Jacob

On Mon, May 6, 2019 at 5:46 PM Popov Anton <Anton.Popov@t-platforms.ru> wrote:
>
> util-linux source produce some binaries with setuid bit set
>
> do_install function produce binaries in /sbin and /bin with uid:gid
> of user who build image this lead to messages like this:
> mount /dev/sdb1 /mnt/flash
> mount: only root can do that (effective UID is 1000)
> this patch changing owner of binaries in /bin and /sbin to 0:0
>
> Signed-off-by: Anton Popov <Anton.Popov@t-platforms.ru>
> ---
>  meta/recipes-core/util-linux/util-linux.inc | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
> index 34255a2dec..d75a2dd399 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -201,6 +201,27 @@ do_install () {
>      fi
>  }
>
> +# when building yocto image with non-root user some binaries appears in resulting
> +# image with rights of user who build image. This behaviour may lead to misfunction
> +# of some binaries like mount because of setuid bit on them:
> +# mount /dev/sdb1 /mnt/flash
> +# mount: only root can do that (effective UID is 1000)
> +# ls -ld which mount
> +# lrwxrwxrwx    1 root     root            21 Jan  2  1970 /bin/mount -> /bin/mount.util-linux                                                                                       # root@mitx-fp32:/mnt/system/initrd# ls -ld /bin/mount.util-linux                                                                                                                    # -rwsr-xr-x    1 1000     1000         28020 Apr 23 12:49 /bin/mount.util-linux
> +do_install_append_class-target () {
> +    for p in $sbinprogs $sbinprogs_a; do
> +        if [ -f "${D}${base_sbindir}/$p" ]; then
> +            chown 0:0 "${D}${base_sbindir}/$p"
> +        fi
> +    done
> +    for p in $binprogs_a; do
> +        if [ -f "${D}${base_bindir}/$p" ]; then
> +            chown 0:0 "${D}${base_bindir}/$p"
> +        fi
> +    done
> +}
> +
> +
>  # nologin causes a conflict with shadow-native
>  # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
>  do_install_append_class-native () {
> --
> 2.20.1
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core



* HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
  2019-05-07  5:04 ` Jacob Kroon
@ 2019-05-07 12:47   ` Popov Anton
  2019-05-07 19:53     ` Jacob Kroon
  2019-05-07 20:08     ` HA: " Burton, Ross
  0 siblings, 2 replies; 6+ messages in thread
From: Popov Anton @ 2019-05-07 12:47 UTC (permalink / raw)
  To: Jacob Kroon; +Cc: openembedded-core

Hi,

I don't think so. At the moment we are using the rocko release and found this problem in the util-linux-2.30 recipe.

The problem is that util-linux builds with regular user permissions and the resulting files are owned by the user with uid 1000 in our case. For most of the binaries in /bin and /sbin generated by util-linux this permissions issue is not a problem (because all binaries have o+x set). But for those of them that have the suid bit set it becomes real trouble.

With best regards,
Anton Popov

________________________________________
From: Jacob Kroon [jacob.kroon@gmail.com]
Sent: 7 May 2019, 8:04
To: Popov Anton
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries in resulting image

Hi,
Are we sure this is not caused by the new glibc2.29/pseudo problems
that has been seen previously ?
Which distro are you building on, and which version of poky/oe are you using ?
/Jacob

On Mon, May 6, 2019 at 5:46 PM Popov Anton <Anton.Popov@t-platforms.ru> wrote:
>
> util-linux source produce some binaries with setuid bit set
>
> do_install function produce binaries in /sbin and /bin with uid:gid
> of user who build image this lead to messages like this:
> mount /dev/sdb1 /mnt/flash
> mount: only root can do that (effective UID is 1000)
> this patch changing owner of binaries in /bin and /sbin to 0:0
>
> Signed-off-by: Anton Popov <Anton.Popov@t-platforms.ru>
> ---
>  meta/recipes-core/util-linux/util-linux.inc | 21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
> index 34255a2dec..d75a2dd399 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -201,6 +201,27 @@ do_install () {
>      fi
>  }
>
> +# when building yocto image with non-root user some binaries appears in resulting
> +# image with rights of user who build image. This behaviour may lead to misfunction
> +# of some binaries like mount because of setuid bit on them:
> +# mount /dev/sdb1 /mnt/flash
> +# mount: only root can do that (effective UID is 1000)
> +# ls -ld which mount
> +# lrwxrwxrwx    1 root     root            21 Jan  2  1970 /bin/mount -> /bin/mount.util-linux                                                                                       # root@mitx-fp32:/mnt/system/initrd# ls -ld /bin/mount.util-linux                                                                                                                    # -rwsr-xr-x    1 1000     1000         28020 Apr 23 12:49 /bin/mount.util-linux
> +do_install_append_class-target () {
> +    for p in $sbinprogs $sbinprogs_a; do
> +        if [ -f "${D}${base_sbindir}/$p" ]; then
> +            chown 0:0 "${D}${base_sbindir}/$p"
> +        fi
> +    done
> +    for p in $binprogs_a; do
> +        if [ -f "${D}${base_bindir}/$p" ]; then
> +            chown 0:0 "${D}${base_bindir}/$p"
> +        fi
> +    done
> +}
> +
> +
>  # nologin causes a conflict with shadow-native
>  # kill causes a conflict with coreutils-native (if ${bindir}==${base_bindir})
>  do_install_append_class-native () {
> --
> 2.20.1



* Re: [PATCH] util-linux: fix owner and group for binaries in resulting image
  2019-05-07 12:47   ` HA: " Popov Anton
@ 2019-05-07 19:53     ` Jacob Kroon
  2019-05-07 20:08     ` HA: " Burton, Ross
  1 sibling, 0 replies; 6+ messages in thread
From: Jacob Kroon @ 2019-05-07 19:53 UTC (permalink / raw)
  To: Popov Anton; +Cc: openembedded-core

Which host distribution are you using?

On Tue, 7 May 2019, 14:47 Popov Anton, <Anton.Popov@t-platforms.ru> wrote:

> Hi,
>
> I don't think so. At the moment we are using rocko release and found this
> problem in util-linux-2.30 recipe.
>
> the problem is that util-linux builds with regular user permissions and
> result files are owned by user with uid 1000 in our case. for most of
> binaries in /bin and /sbin generated by util-linux this permissions issue
> is not a problem (Because all binaries has o+x set). But for those of them
> who have suid bit setted it became a real trouble.
>
> With best regards,
> Anton Popov
>
> ________________________________________
> From: Jacob Kroon [jacob.kroon@gmail.com]
> Sent: 7 May 2019, 8:04
> To: Popov Anton
> Cc: openembedded-core@lists.openembedded.org
> Subject: Re: [OE-core] [PATCH] util-linux: fix owner and group for binaries
> in resulting image
>
> Hi,
> Are we sure this is not caused by the new glibc2.29/pseudo problems
> that has been seen previously ?
> Which distro are you building on, and which version of poky/oe are you
> using ?
> /Jacob
>
> On Mon, May 6, 2019 at 5:46 PM Popov Anton <Anton.Popov@t-platforms.ru>
> wrote:
> >
> > util-linux source produce some binaries with setuid bit set
> >
> > do_install function produce binaries in /sbin and /bin with uid:gid
> > of user who build image this lead to messages like this:
> > mount /dev/sdb1 /mnt/flash
> > mount: only root can do that (effective UID is 1000)
> > this patch changing owner of binaries in /bin and /sbin to 0:0
> >
> > Signed-off-by: Anton Popov <Anton.Popov@t-platforms.ru>
> > ---
> >  meta/recipes-core/util-linux/util-linux.inc | 21 +++++++++++++++++++++
> >  1 file changed, 21 insertions(+)
> >
> > diff --git a/meta/recipes-core/util-linux/util-linux.inc
> b/meta/recipes-core/util-linux/util-linux.inc
> > index 34255a2dec..d75a2dd399 100644
> > --- a/meta/recipes-core/util-linux/util-linux.inc
> > +++ b/meta/recipes-core/util-linux/util-linux.inc
> > @@ -201,6 +201,27 @@ do_install () {
> >      fi
> >  }
> >
> > +# when building yocto image with non-root user some binaries appears in
> resulting
> > +# image with rights of user who build image. This behaviour may lead to
> misfunction
> > +# of some binaries like mount because of setuid bit on them:
> > +# mount /dev/sdb1 /mnt/flash
> > +# mount: only root can do that (effective UID is 1000)
> > +# ls -ld which mount
> > +# lrwxrwxrwx    1 root     root            21 Jan  2  1970 /bin/mount
> -> /bin/mount.util-linux
>                                    # root@mitx-fp32:/mnt/system/initrd#
> ls -ld /bin/mount.util-linux
>                                                                     #
> -rwsr-xr-x    1 1000     1000         28020 Apr 23 12:49
> /bin/mount.util-linux
> > +do_install_append_class-target () {
> > +    for p in $sbinprogs $sbinprogs_a; do
> > +        if [ -f "${D}${base_sbindir}/$p" ]; then
> > +            chown 0:0 "${D}${base_sbindir}/$p"
> > +        fi
> > +    done
> > +    for p in $binprogs_a; do
> > +        if [ -f "${D}${base_bindir}/$p" ]; then
> > +            chown 0:0 "${D}${base_bindir}/$p"
> > +        fi
> > +    done
> > +}
> > +
> > +
> >  # nologin causes a conflict with shadow-native
> >  # kill causes a conflict with coreutils-native (if
> ${bindir}==${base_bindir})
> >  do_install_append_class-native () {
> > --
> > 2.20.1
>


* Re: HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
  2019-05-07 12:47   ` HA: " Popov Anton
  2019-05-07 19:53     ` Jacob Kroon
@ 2019-05-07 20:08     ` Burton, Ross
  2019-05-08 12:53       ` HA: " Popov Anton
  1 sibling, 1 reply; 6+ messages in thread
From: Burton, Ross @ 2019-05-07 20:08 UTC (permalink / raw)
  To: Popov Anton; +Cc: openembedded-core

On Tue, 7 May 2019 at 13:47, Popov Anton <Anton.Popov@t-platforms.ru> wrote:
> I don't think so. At the moment we are using rocko release and found this problem in util-linux-2.30 recipe.
>
> the problem is that util-linux builds with regular user permissions and result files are owned by user with uid 1000 in our case. for most of binaries in /bin and /sbin generated by util-linux this permissions issue is not a problem (Because all binaries has o+x set). But for those of them who have suid bit setted it became a real trouble.

Can you give an example of a concrete filename and demonstrate this by
e.g. listing the contents of a package from deploy?  For example with
master:

$ dpkg-deb  -c util-linux-mount_2.32.1-r0_corei7-64.ipk
-rwsr-xr-x root/root     47152 2019-05-07 14:40 ./bin/mount.util-linux

Permissions look right to me.

Ross



* HA: HA: [PATCH] util-linux: fix owner and group for binaries in resulting image
  2019-05-07 20:08     ` HA: " Burton, Ross
@ 2019-05-08 12:53       ` Popov Anton
  0 siblings, 0 replies; 6+ messages in thread
From: Popov Anton @ 2019-05-08 12:53 UTC (permalink / raw)
  To: Burton, Ross; +Cc: openembedded-core

Good day!

Sorry guys, it looks like the problem is not in the recipe but is somehow connected with the host distro:
we cannot reproduce the problem on a Linux Mint 19.1 host distro
but still face the problem with permissions on CentOS Linux release 7.6.1810 (Core)

requested output of package content:
dpkg -c util-linux-mount_2.30-r0_mipsel.deb 
drwxrwxrwx root/root         0 2019-05-08 14:58 ./
drwxr-xr-x root/root         0 2019-05-08 14:58 ./bin/
-rwsr-xr-x 1000/1000     27956 2019-05-08 14:58 ./bin/mount.util-linux



With best regards,
Popov Anton

________________________________________
From: Burton, Ross [ross.burton@intel.com]
Sent: 7 May 2019, 23:08
To: Popov Anton
Cc: Jacob Kroon; openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] HA: [PATCH] util-linux: fix owner and group for binaries in resulting image

On Tue, 7 May 2019 at 13:47, Popov Anton <Anton.Popov@t-platforms.ru> wrote:
> I don't think so. At the moment we are using rocko release and found this problem in util-linux-2.30 recipe.
>
> the problem is that util-linux builds with regular user permissions and result files are owned by user with uid 1000 in our case. for most of binaries in /bin and /sbin generated by util-linux this permissions issue is not a problem (Because all binaries has o+x set). But for those of them who have suid bit setted it became a real trouble.

Can you give an example of a concrete filename and demonstrate this by
e.g. listing the contents of a package from deploy?  For example with
master:

$ dpkg-deb  -c util-linux-mount_2.32.1-r0_corei7-64.ipk
-rwsr-xr-x root/root     47152 2019-05-07 14:40 ./bin/mount.util-linux

Permissions look right to me.

Ross
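
The package check discussed in the last two messages, as an added example that is not part of the thread or of OE-core: a shell function that reads a `dpkg-deb -c` listing and reports setuid entries whose owner is not root. The function names and the combined sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a `dpkg-deb -c` listing for setuid files not owned by root.
# Function names are hypothetical; they are not part of OE-core or util-linux.

# Reads a listing on stdin (columns: mode, owner/group, size, date, time, path).
# Prints "<mode> <owner/group> <path>" for every setuid entry whose owner is
# neither "root" nor "0"; returns 1 if anything was printed, 0 otherwise.
audit_setuid_owners() {
    awk '
        {
            # Character 4 of the mode string is the owner-execute slot;
            # "s" or "S" there means the setuid bit is set.
            if (substr($1, 4, 1) !~ /[sS]/) next
            split($2, og, "/")
            if (og[1] == "root" || og[1] == "0") next
            # The path starts at field 6 and may contain spaces.
            path = $6
            for (i = 7; i <= NF; i++) path = path " " $i
            print $1, $2, path
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input: the listing lines quoted in this thread (the
# CentOS-built 2.30 package and the master 2.32.1 package) joined into one.
sample_listing() {
    cat <<'EOF'
drwxrwxrwx root/root         0 2019-05-08 14:58 ./
drwxr-xr-x root/root         0 2019-05-08 14:58 ./bin/
-rwsr-xr-x 1000/1000     27956 2019-05-08 14:58 ./bin/mount.util-linux
-rwsr-xr-x root/root     47152 2019-05-07 14:40 ./bin/mount.util-linux
EOF
}
```

Against a real package, pipe the listing in with `dpkg-deb -c <package> | audit_setuid_owners`; the non-zero status on a finding lets a build step fail before the image ships.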

