diff options
author | Matei Valeanu <Matei.Valeanu@enea.com> | 2021-06-24 17:29:04 +0200 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2021-06-30 06:35:36 +0200 |
commit | eea99925d3bef32434653aa6c2fabe6de24be950 (patch) | |
tree | 758367825ddfa8eeb214d1531ad796e6d199081a /recipes-core | |
parent | 7ede3bf0c747d741994e85230e8d9e529b33c9ab (diff) | |
download | meta-el-nfv-access-eea99925d3bef32434653aa6c2fabe6de24be950.tar.gz |
Update UID/GID
New groups and users:
-g - kvm: added by libvirt [2]
-g - render: added by systemd, after boot-up introduced in [1]
Removed groups and users:
-g and u - systemd-resolve and systemd-network:
both were only kept for backward compatibility, not needed anymore
-g - lock: systemd_246.9.bb no longer adds it in GROUPADD_PARAM,
unlike systemd version on 2.4.0-2
-g and u - polkitd: systemd_246.9.bb no longer adds polkit in
PACKAGECONFIG
-g and u - ntp: meta-enea-virtualization/recipes-enea/ntp-user-stub/\
ntp-user-stub_1.0.bb removed
-g - netdev: dbus_1.12.20.bb no longer adds netdev in GROUPADD_PARAM
Added systemd_246.9.bbappend to overwrite basic.conf.in
and add 'render' using GROUPADD_PARAM at build-time instead on boot-time
Add new groups/users in basic.conf.in using fixed ids, in sync with
<layer>/files/{group,passwd}
[1] https://github.com/systemd/systemd/commit/4e15a7343cb
[2] https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/\
commit/recipes-extended/libvirt?h=gatesgarth&id=b5b5defc78ea03c8
Change-Id: If1768a544c53552bf2eff1d8051830975ae0ed2f
Signed-off-by: Matei Valeanu <Matei.Valeanu@enea.com>
Diffstat (limited to 'recipes-core')
-rw-r--r-- | recipes-core/systemd/files/basic.conf.in | 50 | ||||
-rw-r--r-- | recipes-core/systemd/systemd_247.6.bbappend | 19 |
2 files changed, 69 insertions, 0 deletions
diff --git a/recipes-core/systemd/files/basic.conf.in b/recipes-core/systemd/files/basic.conf.in new file mode 100644 index 0000000..6532f64 --- /dev/null +++ b/recipes-core/systemd/files/basic.conf.in | |||
@@ -0,0 +1,50 @@ | |||
1 | # This file is part of systemd. | ||
2 | # | ||
3 | # systemd is free software; you can redistribute it and/or modify it | ||
4 | # under the terms of the GNU Lesser General Public License as published by | ||
5 | # the Free Software Foundation; either version 2.1 of the License, or | ||
6 | # (at your option) any later version. | ||
7 | |||
8 | # The superuser | ||
9 | u root 0 "Super User" /root | ||
10 | |||
11 | # Administrator group: can *see* more than normal users | ||
12 | g adm - - - | ||
13 | |||
14 | # Access to certain kernel and userspace facilities | ||
15 | g kmem - - - | ||
16 | g tty @TTY_GID@ - - | ||
17 | g utmp - - - | ||
18 | |||
19 | # Hardware access groups | ||
20 | g audio - - - | ||
21 | g cdrom - - - | ||
22 | g dialout - - - | ||
23 | g disk - - - | ||
24 | g input - - - | ||
25 | g lp - - - | ||
26 | g tape - - - | ||
27 | g video - - - | ||
28 | |||
29 | # Default group for normal users | ||
30 | g users @USERS_GID@ - - | ||
31 | ## ENEA_start ## | ||
32 | # Handle systemd-sysusers hardcoded users/groups interfering with OSTree upgrades: | ||
33 | # - nothing in NFVA uses the wheel group, do not create it; | ||
34 | # - the 'nobody' group was automatically created for the existing 'nobody' user, | ||
35 | # which is not necessary, NFVA already has 'nogroup' (GID 65534); | ||
36 | # | ||
37 | # Administrator group: can *do* more than normal users | ||
38 | # g wheel - - - | ||
39 | # The nobody user for NFS file systems | ||
40 | # u @NOBODY_USER_NAME@ 65534 "Nobody" - | ||
41 | # | ||
42 | # Keep the next users/groups in sync with those in <layer>/files/{passwd,group} | ||
43 | # If an upgrade updates /etc/{passwd,group} then the next users and groups already exist | ||
44 | # and the next lines will do nothing. If the upgrade did not update /etc/{passwd,group} | ||
45 | # we must dynamically add them, with fixed ids. Ids are the same as in | ||
46 | # <layer>/files/{passwd,group} | ||
47 | g kvm 47 - - | ||
48 | m qemu kvm | ||
49 | g render 983 - - | ||
50 | ## ENEA_end ## | ||
diff --git a/recipes-core/systemd/systemd_247.6.bbappend b/recipes-core/systemd/systemd_247.6.bbappend new file mode 100644 index 0000000..871da64 --- /dev/null +++ b/recipes-core/systemd/systemd_247.6.bbappend | |||
@@ -0,0 +1,19 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | ||
2 | |||
3 | SRC_URI_append_sota = " file://basic.conf.in" | ||
4 | |||
5 | GROUPADD_PARAM_${PN}_append_sota = "; -r render" | ||
6 | |||
7 | # systemd uses certain groups unless configured not to (e.g. journal logs are more | ||
8 | # broadly available to the 'wheel' group unless told otherwise), while some resources | ||
9 | # are using to the 'nobody' group. Configure systemd to: | ||
10 | # - not use the 'wheel' group (journal access will be restriced to root user); | ||
11 | # - use the proper group for 'nobody', which should have GID 65534 (for NFVA 'nogroup'); | ||
12 | EXTRA_OEMESON += " \ | ||
13 | -Dwheel-group=false \ | ||
14 | -Dnobody-group=nogroup \ | ||
15 | " | ||
16 | |||
17 | do_configure_prepend_sota() { | ||
18 | cp ${WORKDIR}/basic.conf.in ${S}/sysusers.d/basic.conf.in | ||
19 | } | ||