diff options
| author | Laurentiu Palcu <laurentiu.palcu@intel.com> | 2013-07-03 17:02:49 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-07-10 09:41:54 +0100 |
| commit | f638364eff3b7a2de7953d154fb2451c51729911 (patch) | |
| tree | 482ab5e68a4963b3b734738175dabe96fef4a95e /meta/recipes-core/sysvinit | |
| parent | 1cf75b5fd35026f90fb606897d4cb902ff0d960c (diff) | |
| download | poky-f638364eff3b7a2de7953d154fb2451c51729911.tar.gz | |
sysvinit: allow users in shutdown group to perform halt/reboot
For this to happen:
* 'shutdown' group has been created;
* changed ownership group for /sbin/halt and /sbin/shutdown to 'shutdown';
* deny execution rights to other users except 'root' and those belonging
to 'shutdown' group;
* set setuid bit to both apps;
So, basically, in order for a normal user to be able to shutdown/reboot
the machine, it must be a member of 'shutdown' group.
Other changes:
* fixed identation for 2 lines that used spaces instead of tabs;
[YOCTO #4345]
(From OE-Core rev: b32d06fbe797cd39cc19f62bda8a698effe7c0ea)
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/sysvinit')
| -rw-r--r-- | meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb index e64b67a683..784d538ea2 100644 --- a/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb +++ b/meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | |||
| @@ -25,7 +25,7 @@ SRC_URI[sha256sum] = "60bbc8c1e1792056e23761d22960b30bb13eccc2cabff8c7310a01f4d5 | |||
| 25 | S = "${WORKDIR}/sysvinit-${PV}" | 25 | S = "${WORKDIR}/sysvinit-${PV}" |
| 26 | B = "${S}/src" | 26 | B = "${S}/src" |
| 27 | 27 | ||
| 28 | inherit update-alternatives | 28 | inherit update-alternatives useradd |
| 29 | DEPENDS_append = " update-rc.d-native" | 29 | DEPENDS_append = " update-rc.d-native" |
| 30 | 30 | ||
| 31 | ALTERNATIVE_${PN} = "init mountpoint halt reboot runlevel shutdown poweroff last mesg utmpdump wall" | 31 | ALTERNATIVE_${PN} = "init mountpoint halt reboot runlevel shutdown poweroff last mesg utmpdump wall" |
| @@ -54,6 +54,9 @@ ALTERNATIVE_LINK_NAME[sulogin.8] = "${mandir}/man8/sulogin.8" | |||
| 54 | ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1" | 54 | ALTERNATIVE_LINK_NAME[utmpdump.1] = "${mandir}/man1/utmpdump.1" |
| 55 | ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1" | 55 | ALTERNATIVE_LINK_NAME[wall.1] = "${mandir}/man1/wall.1" |
| 56 | 56 | ||
| 57 | USERADD_PACKAGES = "${PN}" | ||
| 58 | GROUPADD_PARAM_${PN} = "--system shutdown" | ||
| 59 | |||
| 57 | PACKAGES =+ "sysvinit-pidof sysvinit-sulogin" | 60 | PACKAGES =+ "sysvinit-pidof sysvinit-sulogin" |
| 58 | FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*" | 61 | FILES_${PN} += "${base_sbindir}/* ${base_bindir}/*" |
| 59 | FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5" | 62 | FILES_sysvinit-pidof = "${base_bindir}/pidof.sysvinit ${base_sbindir}/killall5" |
| @@ -87,6 +90,9 @@ do_install () { | |||
| 87 | install -m 0755 ${WORKDIR}/bootlogd.init ${D}${sysconfdir}/init.d/bootlogd | 90 | install -m 0755 ${WORKDIR}/bootlogd.init ${D}${sysconfdir}/init.d/bootlogd |
| 88 | ln -sf bootlogd ${D}${sysconfdir}/init.d/stop-bootlogd | 91 | ln -sf bootlogd ${D}${sysconfdir}/init.d/stop-bootlogd |
| 89 | 92 | ||
| 90 | update-rc.d -r ${D} bootlogd start 07 S . | 93 | update-rc.d -r ${D} bootlogd start 07 S . |
| 91 | update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 . | 94 | update-rc.d -r ${D} stop-bootlogd start 99 2 3 4 5 . |
| 95 | |||
| 96 | chown root.shutdown ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown | ||
| 97 | chmod o-x,u+s ${D}${base_sbindir}/halt ${D}${base_sbindir}/shutdown | ||
| 92 | } | 98 | } |