diff options
Diffstat (limited to 'recipes-core/systemd')
-rw-r--r-- | recipes-core/systemd/files/basic.conf.in | 50 | ||||
-rw-r--r-- | recipes-core/systemd/systemd_247.6.bbappend | 25 |
2 files changed, 75 insertions, 0 deletions
diff --git a/recipes-core/systemd/files/basic.conf.in b/recipes-core/systemd/files/basic.conf.in new file mode 100644 index 0000000..6532f64 --- /dev/null +++ b/recipes-core/systemd/files/basic.conf.in | |||
@@ -0,0 +1,50 @@ | |||
1 | # This file is part of systemd. | ||
2 | # | ||
3 | # systemd is free software; you can redistribute it and/or modify it | ||
4 | # under the terms of the GNU Lesser General Public License as published by | ||
5 | # the Free Software Foundation; either version 2.1 of the License, or | ||
6 | # (at your option) any later version. | ||
7 | |||
8 | # The superuser | ||
9 | u root 0 "Super User" /root | ||
10 | |||
11 | # Administrator group: can *see* more than normal users | ||
12 | g adm - - - | ||
13 | |||
14 | # Access to certain kernel and userspace facilities | ||
15 | g kmem - - - | ||
16 | g tty @TTY_GID@ - - | ||
17 | g utmp - - - | ||
18 | |||
19 | # Hardware access groups | ||
20 | g audio - - - | ||
21 | g cdrom - - - | ||
22 | g dialout - - - | ||
23 | g disk - - - | ||
24 | g input - - - | ||
25 | g lp - - - | ||
26 | g tape - - - | ||
27 | g video - - - | ||
28 | |||
29 | # Default group for normal users | ||
30 | g users @USERS_GID@ - - | ||
31 | ## ENEA_start ## | ||
32 | # Handle systemd-sysusers hardcoded users/groups interfering with OSTree upgrades: | ||
33 | # - nothing in NFVA uses the wheel group, do not create it; | ||
34 | # - the 'nobody' group was automatically created for the existing 'nobody' user, | ||
35 | # which is not necessary, NFVA already has 'nogroup' (GID 65534); | ||
36 | # | ||
37 | # Administrator group: can *do* more than normal users | ||
38 | # g wheel - - - | ||
39 | # The nobody user for NFS file systems | ||
40 | # u @NOBODY_USER_NAME@ 65534 "Nobody" - | ||
41 | # | ||
42 | # Keep the next users/groups in sync with those in <layer>/files/{passwd,group} | ||
43 | # If an upgrade updates /etc/{passwd,group} then the next users and groups already exist | ||
44 | # and the next lines will do nothing. If the upgrade did not update /etc/{passwd,group} | ||
45 | # we must dynamically add them, with fixed ids. Ids are the same as in | ||
46 | # <layer>/files/{passwd,group} | ||
47 | g kvm 47 - - | ||
48 | m qemu kvm | ||
49 | g render 983 - - | ||
50 | ## ENEA_end ## | ||
diff --git a/recipes-core/systemd/systemd_247.6.bbappend b/recipes-core/systemd/systemd_247.6.bbappend new file mode 100644 index 0000000..eb2b118 --- /dev/null +++ b/recipes-core/systemd/systemd_247.6.bbappend | |||
@@ -0,0 +1,25 @@ | |||
1 | FILESEXTRAPATHS_prepend := "${THISDIR}/files:" | ||
2 | |||
3 | SRC_URI_append_sota = " file://basic.conf.in" | ||
4 | |||
5 | GROUPADD_PARAM_${PN}_append_sota = "; -r render" | ||
6 | |||
7 | # systemd uses certain groups unless configured not to (e.g. journal logs are more | ||
8 | # broadly available to the 'wheel' group unless told otherwise), while some resources | ||
9 | # are using to the 'nobody' group. Configure systemd to: | ||
10 | # - not use the 'wheel' group (journal access will be restriced to root user); | ||
11 | # - use the proper group for 'nobody', which should have GID 65534 (for NFVA 'nogroup'); | ||
12 | EXTRA_OEMESON += " \ | ||
13 | -Dwheel-group=false \ | ||
14 | -Dnobody-group=nogroup \ | ||
15 | " | ||
16 | |||
17 | do_configure_prepend_sota() { | ||
18 | cp ${WORKDIR}/basic.conf.in ${S}/sysusers.d/basic.conf.in | ||
19 | } | ||
20 | |||
21 | do_install_append () { | ||
22 | # Update default udev rules for /dev/kvm to be less permissive | ||
23 | sed -e 's/\(KERNEL=="kvm".*\)0666/\10660/' \ | ||
24 | -i ${D}${rootlibexecdir}/udev/rules.d/50-udev-default.rules | ||
25 | } | ||