summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorBogdan Purcareata <bogdan.purcareata@freescale.com>2014-10-27 11:51:34 -0400
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-12-31 10:18:35 +0000
commit637580101cb4f2c3497e3dfd07454fa550a6b7c4 (patch)
tree8887099708b7b73527efd004e560663979778d9f /meta/recipes-extended
parent673bb3cffc1fdedb7c25178233c8699650194545 (diff)
downloadpoky-637580101cb4f2c3497e3dfd07454fa550a6b7c4.tar.gz
shadow: enable support for subordinate IDs
The subordinate IDs support in pkg-shadow allows unprivileged users to manage a set of UIDs and GIDs. These subordinate IDs are specified by root, and can be further used by the unprivileged user they have been assigned to. This user can then create an e.g. user namespace, where he is allowed to manage his own set of users and group from the pool of subordinate IDs. More details can be found at http://lwn.net/Articles/533617/. Pull a required change from upstream in order to make shadow cross-compile with subordinate IDs support. Enable flag in recipe. Changes since v1: - update changelog (From OE-Core rev: 8548868c05e52700fd4712298b1705b8ec7ae446) (From OE-Core rev: 986e7f4a937bb21115ed56d981baa863365487ea) Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch41
-rw-r--r--meta/recipes-extended/shadow/shadow.inc3
2 files changed, 43 insertions, 1 deletions
diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
new file mode 100644
index 0000000000..60f2ed548a
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
@@ -0,0 +1,41 @@
1From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001
2From: James Le Cuirot <chewi@aura-online.co.uk>
3Date: Sat, 23 Aug 2014 09:46:39 +0100
4Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF
5
6This built-in check is simpler than the previous method and, most
7importantly, works when cross-compiling.
8
9Upstream-Status: Accepted
10[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f]
11
12Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
13---
14 configure.in | 14 ++++----------
15 1 file changed, 4 insertions(+), 10 deletions(-)
16
17diff --git a/configure.in b/configure.in
18index 1a3f841..4a4d6d0 100644
19--- a/configure.in
20+++ b/configure.in
21@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then
22 dnl
23 dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
24 dnl
25- AC_RUN_IFELSE([AC_LANG_SOURCE([
26-#include <sys/types.h>
27-int main(void) {
28- uid_t u;
29- gid_t g;
30- return (sizeof u < 4) || (sizeof g < 4);
31-}
32- ])], [id32bit="yes"], [id32bit="no"])
33-
34- if test "x$id32bit" = "xyes"; then
35+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
36+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
37+
38+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
39 AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
40 enable_subids="yes"
41 else
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 6a769dfc5c..131e541d29 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
16 file://fix-installation-failure-with-subids-disabled.patch \ 16 file://fix-installation-failure-with-subids-disabled.patch \
17 file://0001-su.c-fix-to-exec-command-correctly.patch \ 17 file://0001-su.c-fix-to-exec-command-correctly.patch \
18 file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ 18 file://0001-Do-not-read-login.defs-before-doing-chroot.patch \
19 file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \
19 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ 20 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
20 " 21 "
21 22
@@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \
52 --without-libcrack \ 53 --without-libcrack \
53 --without-selinux \ 54 --without-selinux \
54 --with-group-name-max-length=24 \ 55 --with-group-name-max-length=24 \
55 --enable-subordinate-ids=no \ 56 --enable-subordinate-ids=yes \
56 ${NSCDOPT}" 57 ${NSCDOPT}"
57 58
58NSCDOPT = "" 59NSCDOPT = ""