Date: Wed, 2 Aug 2017 13:18:43 +0200
From: Henning Schild
To: Alexander Smirnov
Subject: Re: [PATCH 01/16] meta: ext4-img: copy and keep attributes, always copy with sudo
Message-ID: <20170802131843.5ff3dc85@md1em3qc>
In-Reply-To:
References: <5e98880f61dba959ada0c9bc8feca65b0a5760e5.1501582237.git.henning.schild@siemens.com>

On Wed, 2 Aug 2017 10:48:13 +0300, Alexander Smirnov wrote:
> Hi,
>
> 2017-08-01 13:17 GMT+03:00 Henning Schild :
>
> > Some security enhancing packages can cause our initrd to be not
> > readable by a normal user. So we need to copy with sudo.
> >
>
> Please be more explicit which packages, it'd be nice to have examples
> here in the commit message.

It is one of these packages:

IMAGE_PREINSTALL += "acl adduser apparmor apt attr babeltrace base-files base-passwd bash bridge-utils busybox bzip2 cdebconf console-setup coreutils cpio cron cryptsetup dash dbus debconf debian-archive-keyring debianutils debootstrap dh-python dhcpcd5 diffutils dns-root-data dnsmasq dpkg dropbear e2fsprogs ebtables elfutils ethtool expat file findutils fuse gcc-6 gdb gettext gnupg2 grep grub2 gzip hostname init-system-helpers initramfs-tools iproute2 iptables kbd keyutils kmod less libcap2 libgcrypt20 liblocale-gettext-perl libtasn1-6 libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl libxml2 linux-base lsb lsof ltrace lvm2 mawk mime-support netbase netcat openssl os-prober p11-kit parted patch pciutils perl procps python2.7 python3.5 rename rsync sed sensible-utils setserial sgml-base shared-mime-info sqlite3 squashfs-tools strace systemd tar tcpdump trace-cmd tzdata ucf usbutils util-linux vim wget xauth xdg-user-dirs xml-core xz-utils"

I did not investigate a lot which one, because it is a waste of time.

> In general Isar follows the way to reduce usage of 'sudo' as much as
> possible, so every new entry should have good reasons.

As Andreas reported last week we have libpseudo in the making and almost
ready, so the sudo problem will go away.

> > Also regular cp would destroy ownership and other attributes of
> > files, possibly creating problems in the future.
> >
>
> Also an example is highly appreciated.

cd /tmp
touch foobar
chgrp cron foobar
chown mail foobar
chmod 600 foobar
cp foobar bla
cp -a foobar bla2

If any debian package brings files not owned by root, plain cp will
destroy the ownership. I do not have a concrete example at hand.

Henning

> >
> > Signed-off-by: Henning Schild
> > ---
> >  meta/classes/ext4-img.bbclass | 6 +++---
> >  1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/meta/classes/ext4-img.bbclass
> > b/meta/classes/ext4-img.bbclass index 65d4c11..6dc2039 100644
> > --- a/meta/classes/ext4-img.bbclass
> > +++ b/meta/classes/ext4-img.bbclass
> > @@ -21,16 +21,16 @@ do_ext4_image() {
> >
> > mkdir -p ${WORKDIR}/mnt
> > sudo mount -o loop ${EXT4_IMAGE_FILE} ${WORKDIR}/mnt
> > - sudo cp -r ${S}/* ${WORKDIR}/mnt
> > + sudo cp -a ${S}/* ${WORKDIR}/mnt
> > sudo umount ${WORKDIR}/mnt
> > rm -r ${WORKDIR}/mnt
> >
> > if [ -n "${KERNEL_IMAGE}" ]; then
> > - cp ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}
> > + sudo cp -a ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}
>
> 1. Ideally DEPLOY_DIR_IMAGE should not contain files with root
> permissions, only the multistrap filesystems should require them. Any
> spread of sudo significantly increases the probability to damage host
> system. Also I don't see the reason to keep kernel image under
> supervisor permissions.
> 2. If KERNEL_IMAGE is symbolic link, 'cp -a' will copy symlink only.
>
> > fi
> >
> > if [ -n "${INITRD_IMAGE}" ]; then
> > - cp ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}
> > + sudo cp -a ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}
> > fi
>
> I think that closed initrd is more private case than mainstream. Can
> we consider possibility to implement this as optional security feature?
>
> > }
> >
> > --
> > 2.13.0
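Review bot: the two new lines 'sudo cp -a ${S}/boot/${KERNEL_IMAGE} ${DEPLOY_DIR_IMAGE}' and 'sudo cp -a ${S}/boot/${INITRD_IMAGE} ${DEPLOY_DIR_IMAGE}' copy a symbolic link as a link instead of following it, so when KERNEL_IMAGE or INITRD_IMAGE names a symlink in ${S}/boot (Alexander's point 2) the deploy directory ends up with a link whose relative target is not there; dereference when copying out of the rootfs ('cp -a -L', i.e. --dereference) or resolve the name first. The same two lines also leave the deployed kernel and initrd root-owned with whatever mode the rootfs gave them, so every later consumer of DEPLOY_DIR_IMAGE inherits the sudo requirement; if sudo is only needed to read the source, chown the copy back to the build user afterwards. The 'sudo cp -a ${S}/* ${WORKDIR}/mnt' line keeps the shell glob from the '-r' version, which silently skips dot-files at the top level of ${S}; '${S}/.' as the source copies everything. The commit message should also name at least one package that makes the initrd unreadable, as requested earlier in the thread.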
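An added example, not code from the patch or from Isar, that reproduces in a throwaway directory the two cp behaviours the thread argues about: plain cp drops file attributes (a modification time stands in for ownership, which only root could change) and cp -a copies a symlinked kernel image as a link that dangles in the deploy directory. The ${S}/boot layout, file names and kernel version are constructed; GNU coreutils is assumed for stat -c.

```shell
#!/bin/sh
# Added example, not from the patch or from Isar. Shows the two cp behaviours
# discussed in the thread: plain cp drops file attributes (mtime stands in
# for ownership, which only root could change) and cp -a copies a symlink
# as a link instead of its target. Assumes GNU coreutils (stat -c, readlink).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-ins for ${S}/boot and ${DEPLOY_DIR_IMAGE}: a versioned
# kernel, the Debian-style "vmlinuz" symlink pointing at it, and an initrd
# with a deliberately old modification time.
S="$WORK/rootfs"
DEPLOY_DIR_IMAGE="$WORK/deploy"
mkdir -p "$S/boot" "$DEPLOY_DIR_IMAGE"
printf 'kernel bytes\n' > "$S/boot/vmlinuz-4.9.0-3-amd64"
ln -s vmlinuz-4.9.0-3-amd64 "$S/boot/vmlinuz"
printf 'initrd bytes\n' > "$S/boot/initrd.img"
touch -t 200101011200 "$S/boot/initrd.img"

# deploy MODE NAME: copy ${S}/boot/NAME into the deploy dir with plain cp
# (MODE=plain) or cp -a (MODE=archive) and describe what arrived:
#   "symlink:<target>:<dangling|resolves>" if the copy is a link,
#   "file:<mtime epoch>" otherwise.
deploy() {
    rm -f "$DEPLOY_DIR_IMAGE/out"
    if [ "$1" = archive ]; then
        cp -a "$S/boot/$2" "$DEPLOY_DIR_IMAGE/out"
    else
        cp "$S/boot/$2" "$DEPLOY_DIR_IMAGE/out"
    fi
    if [ -L "$DEPLOY_DIR_IMAGE/out" ]; then
        state=dangling
        [ -e "$DEPLOY_DIR_IMAGE/out" ] && state=resolves
        printf 'symlink:%s:%s\n' "$(readlink "$DEPLOY_DIR_IMAGE/out")" "$state"
    else
        printf 'file:%s\n' "$(stat -c %Y "$DEPLOY_DIR_IMAGE/out")"
    fi
}

# Modification time of the source initrd, for comparison with the copies.
src_mtime() { stat -c %Y "$S/boot/initrd.img"; }

echo "source initrd mtime: $(src_mtime)"
echo "plain   initrd : $(deploy plain initrd.img)"      # mtime is now, attribute lost
echo "archive initrd : $(deploy archive initrd.img)"    # mtime equals the source
echo "plain   vmlinuz: $(deploy plain vmlinuz)"         # link followed, kernel copied
echo "archive vmlinuz: $(deploy archive vmlinuz)"       # link copied, target missing
```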