authorScott Garman <scott.a.garman@intel.com>2010-10-03 21:39:14 -0700
committerRichard Purdie <rpurdie@linux.intel.com>2010-10-07 19:48:17 +0100
commitc8a181e847660bb9d7faedad0bed7d05afbe8103 (patch)
treecf548194e5591459b323b672abda5c759b183791 /scripts
parentfb2430212521680d593c8c725a9dfb635f40bd59 (diff)
poky-qemu-ifup/ifdown: Require root privileges to run
This fixes [BUGID #232], requiring root privileges to run these scripts and giving an error prompt when that requirement is not met. The tunctl uid fallback code has also been removed, as we can rely on the specific version of tunctl run from the native sysroot. Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/poky-qemu-ifdown18
-rwxr-xr-xscripts/poky-qemu-ifup53
2 files changed, 35 insertions, 36 deletions
diff --git a/scripts/poky-qemu-ifdown b/scripts/poky-qemu-ifdown
index 93a87559af..ece2dc998a 100755
--- a/scripts/poky-qemu-ifdown
+++ b/scripts/poky-qemu-ifdown
@@ -1,6 +1,15 @@
1#!/bin/bash 1#!/bin/bash
2# 2#
3# QEMU network interface configuration script. 3# QEMU network configuration script to bring down tap devices. This
4# utility needs to be run as root, and will use the tunctl binary
5# from a Poky sysroot.
6#
7# If you find yourself calling this script a lot, you can add the
8# the following to your /etc/sudoers file to be able to run this
9# command without entering your password each time:
10#
11# <my-username> ALL=NOPASSWD: /path/to/poky-qemu-ifup
12# <my-username> ALL=NOPASSWD: /path/to/poky-qemu-ifdown
4# 13#
5# Copyright (c) 2006-2010 Intel Corp. 14# Copyright (c) 2006-2010 Intel Corp.
6# 15#
@@ -18,9 +27,14 @@
18# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 27# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 28
20usage() { 29usage() {
21 echo "$0 <tap-dev> <native-sysroot-basedir>" 30 echo "sudo $0 <tap-dev> <native-sysroot-basedir>"
22} 31}
23 32
33if [ $EUID -ne 0 ]; then
34 echo "Error: This script (poky-qemu-ifdown) must be run with root privileges"
35 exit 1
36fi
37
24if [ $# -ne 2 ]; then 38if [ $# -ne 2 ]; then
25 usage 39 usage
26 exit 1 40 exit 1
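Review bot: The sudoers lines recommended in the new header comment (repeated in poky-qemu-ifup) grant more than tap-device control, because both scripts take `<native-sysroot-basedir>` from the command line and poky-qemu-ifup visibly executes `$NATIVE_SYSROOT_DIR/usr/bin/tunctl` as root. The tunctl call in this script lies outside the hunk but presumably follows the same pattern. With a bare `NOPASSWD: /path/to/poky-qemu-ifdown` rule, the binary that runs as root is chosen by the caller, and a script kept in a user-writable checkout can itself be edited, so the rule is effectively root-equivalent. The comment should say so, for example `# NOTE: keep this script root-owned and pin the sysroot argument in the sudoers entry; otherwise the rule grants unrestricted root`. Checking that `$TUNCTL` is root-owned and not group- or world-writable before running it would narrow this further.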
diff --git a/scripts/poky-qemu-ifup b/scripts/poky-qemu-ifup
index 5ae6c6aefb..cd4c47b608 100755
--- a/scripts/poky-qemu-ifup
+++ b/scripts/poky-qemu-ifup
@@ -6,14 +6,17 @@
6# tunctl which does not support the group permissions option, hence 6# tunctl which does not support the group permissions option, hence
7# the need to use Poky's version. 7# the need to use Poky's version.
8# 8#
9# If this script is being run standalone in order to set up a bank of tap 9# If you find yourself calling this script a lot, you can add the
10# devices for later qemu use, then a group id must be the first argument. 10# the following to your /etc/sudoers file to be able to run this
11# The resulting tap device will be group-owned by this group, and qemu 11# command without entering your password each time:
12# users must be members of this group.
13# 12#
14# If the kernel is too old to support TUNSETGROUP, then a user must be passed 13# <my-username> ALL=NOPASSWD: /path/to/poky-qemu-ifup
15# in as the second argument, the tap device will be owned by that user, and 14# <my-username> ALL=NOPASSWD: /path/to/poky-qemu-ifdown
16# only that user will be able to use it. 15#
16# If you'd like to create a bank of tap devices at once, you should use
17# the poky-gen-tapdevs script instead. If tap devices are set up using
18# that script, the poky-qemu script will never end up calling this
19# script.
17# 20#
18# Copyright (c) 2006-2010 Intel Corp. 21# Copyright (c) 2006-2010 Intel Corp.
19# 22#
@@ -31,26 +34,24 @@
31# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 34# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
32 35
33usage() { 36usage() {
34 echo "$0 <gid> {uid} <native-sysroot-basedir>" 37 echo "sudo $0 <gid> <native-sysroot-basedir>"
35 echo "Where uid is *only* included if this script complains when it's missing"
36} 38}
37 39
38if [[ $# -lt 2 || $# -gt 3 ]]; then 40if [ $EUID -ne 0 ]; then
41 echo "Error: This script (poky-qemu-ifup) must be run with root privileges"
42 exit 1
43fi
44
45if [ $# -ne 2 ]; then
39 usage 46 usage
40 exit 1 47 exit 1
41fi 48fi
42 49
43USER=""
44GROUP="-g $1" 50GROUP="-g $1"
45if [ $# -eq 2 ]; then 51NATIVE_SYSROOT_DIR=$2
46 NATIVE_SYSROOT_DIR=$2
47else
48 USER=$2
49 NATIVE_SYSROOT_DIR=$3
50fi
51 52
52TUNCTL=$NATIVE_SYSROOT_DIR/usr/bin/tunctl 53TUNCTL=$NATIVE_SYSROOT_DIR/usr/bin/tunctl
53if [ ! -e "$TUNCTL" ]; then 54if [ ! -x "$TUNCTL" ]; then
54 echo "Error: Unable to find tunctl binary in '$NATIVE_SYSROOT_DIR/usr/bin'" 55 echo "Error: Unable to find tunctl binary in '$NATIVE_SYSROOT_DIR/usr/bin'"
55 56
56 if [[ "$NATIVE_SYSROOT_DIR" =~ ^\/opt\/poky ]]; then 57 if [[ "$NATIVE_SYSROOT_DIR" =~ ^\/opt\/poky ]]; then
@@ -64,22 +65,6 @@ fi
64 65
65TAP=`$TUNCTL -b $GROUP 2>&1` 66TAP=`$TUNCTL -b $GROUP 2>&1`
66STATUS=$? 67STATUS=$?
67if [[ "$TAP" =~ "TUNSETGROUP" ]]; then
68 # TUNSETGROUP failed because of permissions or the kernel being too old
69 # Retry, falling back to a specific user
70 if [ "$USER" = "" ]; then
71 echo "TUNSETGROUP failed - add a username to the command line in order"
72 echo "to have the tap device owned by that user"
73 exit 1
74 fi
75 TAP=`$TUNCTL -b -u $USER 2>&1`
76 STATUS=$?
77 # Force this to appear on stderr in order that the user sees it if this
78 # is running from poky-qemu-internal and in order to avoid having this
79 # output confuse it.
80 echo "Only user $USER will be able to use $TAP - upgrade the kernel to " 1>&2
81 echo "2.6.23 or later in order to allow group access to tap devices" 1>&2
82fi
83if [ $STATUS -ne 0 ]; then 68if [ $STATUS -ne 0 ]; then
84 echo "tunctl failed:" 69 echo "tunctl failed:"
85 echo $TAP 70 echo $TAP
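Review bot: The new root check at new lines 40-43 prints its error with a plain `echo`, so the message goes to stdout. The fallback code this commit removes carried a comment that its messages were forced to stderr so poky-qemu-internal would not be confused by them, which suggests the caller reads this script's stdout. Sending the error to stderr keeps that contract: `echo "Error: This script (poky-qemu-ifup) must be run with root privileges" 1>&2`; the identical check in poky-qemu-ifdown has the same issue. Since the script now always runs as root, the forwarded arguments should also be quoted, `TAP=$("$TUNCTL" -b -g "$1" 2>&1)`, so that whitespace in the first argument cannot add options to the tunctl command line. The `if [ $STATUS -ne 0 ]` block continues past the end of the last hunk.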