From 39858da23037b377604c2770c659505a12f90e30 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Mon, 13 Mar 2017 10:57:23 +0100 Subject: shadow: 'useradd' copies root's extended attributes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The copy of extended attributes is interesting for Smack systems because it allows to set the security template of the user's home directories without modifying the tools (useradd here). But the version of useradd that copies the extended attributes doesn't copy the extended attributes of the root. This can make use of homes impossible! This patch corrects the issue by copying the extended attributes of the root directory: /home/user will get the extended attributes of /etc/skel. The patch is submitted upstream (see http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/2017-March/003804.html) The existing patch specific to open-embedded is updated: 0001-useradd.c-create-parent-directories-when-necessary.patch Also, attr are activated for native tools. This is needed when users are created during image creation. (From OE-Core rev: eed66e85af5ca6bbdd80cc3d5cf8453e8d8880bc) Signed-off-by: José Bollo Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../shadow/files/allow-for-setting-password-in-clear-text.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch') diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch index 68da25f406..615c6e002d 100644 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch @@ -118,7 +118,7 @@ diff --git a/src/useradd.c b/src/useradd.c index b3bd451..4416f90 100644 --- a/src/useradd.c +++ b/src/useradd.c -@@ -773,6 +773,7 @@ static void usage (int status) +@@ -776,6 +776,7 @@ static void usage (int status) (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" " (non-unique) UID\n"), usageout); (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); @@ -126,7 +126,7 @@ index b3bd451..4416f90 100644 (void) fputs (_(" -r, --system create a system account\n"), usageout); (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); -@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) +@@ -1050,6 +1051,7 @@ static void process_flags (int argc, char **argv) {"no-user-group", no_argument, NULL, 'N'}, {"non-unique", no_argument, NULL, 'o'}, {"password", required_argument, NULL, 'p'}, @@ -134,7 +134,7 @@ index b3bd451..4416f90 100644 {"system", no_argument, NULL, 'r'}, {"root", required_argument, NULL, 'R'}, {"shell", required_argument, NULL, 's'}, -@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) +@@ -1062,9 +1064,9 @@ static void process_flags (int argc, char **argv) }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX @@ -146,7 +146,7 @@ index b3bd451..4416f90 100644 #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { -@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) +@@ -1230,6 +1232,9 @@ static void process_flags (int argc, char **argv) } user_pass = optarg; break; -- cgit v1.2.3-54-g00ecf