diff options
author | José Bollo <jose.bollo@iot.bzh> | 2017-03-13 10:57:23 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-03-17 16:53:05 +0000 |
commit | 39858da23037b377604c2770c659505a12f90e30 (patch) | |
tree | 0ba7dc44bebb3705669fa7590bcbe893c929b753 /meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch | |
parent | 36f3c889709c492c6a451cc0326e1f760903aa8c (diff) | |
download | poky-39858da23037b377604c2770c659505a12f90e30.tar.gz |
shadow: 'useradd' copies root's extended attributes
The copy of extended attributes is interesting for
Smack systems because it allows to set the security
template of the user's home directories without
modifying the tools (useradd here). But the version
of useradd that copies the extended attributes doesn't
copy the extended attributes of the root. This can make
use of homes impossible! This patch corrects the issue
by copying the extended attributes of the root directory:
/home/user will get the extended attributes of /etc/skel.
The patch is submitted upstream (see
http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html)
The existing patch specific to open-embedded is updated:
0001-useradd.c-create-parent-directories-when-necessary.patch
Also, attr are activated for native tools.
This is needed when users are created during image creation.
(From OE-Core rev: eed66e85af5ca6bbdd80cc3d5cf8453e8d8880bc)
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch')
-rw-r--r-- | meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch index 68da25f406..615c6e002d 100644 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch | |||
@@ -118,7 +118,7 @@ diff --git a/src/useradd.c b/src/useradd.c | |||
118 | index b3bd451..4416f90 100644 | 118 | index b3bd451..4416f90 100644 |
119 | --- a/src/useradd.c | 119 | --- a/src/useradd.c |
120 | +++ b/src/useradd.c | 120 | +++ b/src/useradd.c |
121 | @@ -773,6 +773,7 @@ static void usage (int status) | 121 | @@ -776,6 +776,7 @@ static void usage (int status) |
122 | (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" | 122 | (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" |
123 | " (non-unique) UID\n"), usageout); | 123 | " (non-unique) UID\n"), usageout); |
124 | (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); | 124 | (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); |
@@ -126,7 +126,7 @@ index b3bd451..4416f90 100644 | |||
126 | (void) fputs (_(" -r, --system create a system account\n"), usageout); | 126 | (void) fputs (_(" -r, --system create a system account\n"), usageout); |
127 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); | 127 | (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); |
128 | (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); | 128 | (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); |
129 | @@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) | 129 | @@ -1050,6 +1051,7 @@ static void process_flags (int argc, char **argv) |
130 | {"no-user-group", no_argument, NULL, 'N'}, | 130 | {"no-user-group", no_argument, NULL, 'N'}, |
131 | {"non-unique", no_argument, NULL, 'o'}, | 131 | {"non-unique", no_argument, NULL, 'o'}, |
132 | {"password", required_argument, NULL, 'p'}, | 132 | {"password", required_argument, NULL, 'p'}, |
@@ -134,7 +134,7 @@ index b3bd451..4416f90 100644 | |||
134 | {"system", no_argument, NULL, 'r'}, | 134 | {"system", no_argument, NULL, 'r'}, |
135 | {"root", required_argument, NULL, 'R'}, | 135 | {"root", required_argument, NULL, 'R'}, |
136 | {"shell", required_argument, NULL, 's'}, | 136 | {"shell", required_argument, NULL, 's'}, |
137 | @@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) | 137 | @@ -1062,9 +1064,9 @@ static void process_flags (int argc, char **argv) |
138 | }; | 138 | }; |
139 | while ((c = getopt_long (argc, argv, | 139 | while ((c = getopt_long (argc, argv, |
140 | #ifdef WITH_SELINUX | 140 | #ifdef WITH_SELINUX |
@@ -146,7 +146,7 @@ index b3bd451..4416f90 100644 | |||
146 | #endif /* !WITH_SELINUX */ | 146 | #endif /* !WITH_SELINUX */ |
147 | long_options, NULL)) != -1) { | 147 | long_options, NULL)) != -1) { |
148 | switch (c) { | 148 | switch (c) { |
149 | @@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) | 149 | @@ -1230,6 +1232,9 @@ static void process_flags (int argc, char **argv) |
150 | } | 150 | } |
151 | user_pass = optarg; | 151 | user_pass = optarg; |
152 | break; | 152 | break; |