[kirkstone,09/19] shadow: Enable subid support

Message ID	5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec.1661956484.git.steve@sakoman.com
State	Accepted, archived
Commit	5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.182, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/19] shadow: Enable subid support Date: Wed, 31 Aug 2022 04:39:29 -1000 Message-Id: <5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec.1661956484.git.steve@sakoman.com> In-Reply-To: <cover.1661956484.git.steve@sakoman.com> References: <cover.1661956484.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/19] sqlite: fix CVE-2022-35737 \| expand [kirkstone,01/19] sqlite: fix CVE-2022-35737 [kirkstone,02/19] bind: upgrade 9.18.4 -> 9.18.5 [kirkstone,03/19] linux-yocto/5.15: update to v5.15.60 [kirkstone,04/19] linux-yocto/5.15: update to v5.15.62 [kirkstone,05/19] linux-yocto: Fix COMPATIBLE_MACHINE regex match [kirkstone,06/19] linux-yocto/5.10: update to v5.10.136 [kirkstone,07/19] linux-yocto/5.10: update to v5.10.137 [kirkstone,08/19] lttng-modules: fix build for kernel 5.10.137 [kirkstone,09/19] shadow: Enable subid support [kirkstone,10/19] rootfspostcommands.py: Cleanup subid backup files generated by shadow-utils [kirkstone,11/19] shadow: Avoid nss warning/error with musl [kirkstone,12/19] util-linux: Remove --enable-raw from EXTRA_OECONF [kirkstone,13/19] libxml2: wrap xmllint to use the correct XML catalogues [kirkstone,14/19] parselogs: Ignore xf86OpenConsole error [kirkstone,15/19] xinetd: Pass missing -D_GNU_SOURCE [kirkstone,16/19] watchdog: Include needed system header for function decls [kirkstone,17/19] pinentry: enable _XOPEN_SOURCE on musl for wchar usage in curses [kirkstone,18/19] apr: Use correct strerror_r implementation based on libc type [kirkstone,19/19] gcr: Define _GNU_SOURCE

Message ID

5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec.1661956484.git.steve@sakoman.com

State

Accepted, archived

Commit

5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/19] shadow: Enable subid support
Date: Wed, 31 Aug 2022 04:39:29 -1000
Message-Id: 
 <5cdc9c1809ef169b8af7ce3085f316d1e68eb7ec.1661956484.git.steve@sakoman.com>
In-Reply-To: <cover.1661956484.git.steve@sakoman.com>
References: <cover.1661956484.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/19] sqlite: fix CVE-2022-35737 | expand

Commit Message

Steve Sakoman Aug. 31, 2022, 2:39 p.m. UTC

From: Andrei Gherzan <andrei.gherzan@huawei.com>

shadow utils are used when creating users at image creation time. The
useradd/usermod tools will only try to add a default configuration for
subid files if they exist.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/shadow/shadow.inc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index f5fdf436f7..b3ae2b4874 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -149,6 +149,13 @@  do_install:append() {
 	# Handle link properly after rename, otherwise missing files would
 	# lead rpm failed dependencies.
 	ln -sf newgrp.${BPN} ${D}${bindir}/sg
+
+	# usermod requires the subuid/subgid files to be in place before being
+	# able to use the -v/-V flags otherwise it fails:
+	# usermod: /etc/subuid does not exist, you cannot use the flags -v or -V
+	install -d ${D}${sysconfdir}
+	touch ${D}${sysconfdir}/subuid
+	touch ${D}${sysconfdir}/subgid
 }
 
 PACKAGES =+ "${PN}-base"

[kirkstone,09/19] shadow: Enable subid support

Commit Message

Patch