From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6659376390151864320 X-Received: by 2002:a05:600c:2110:: with SMTP id u16mr207520wml.11.1551262837807; Wed, 27 Feb 2019 02:20:37 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:fe47:: with SMTP id m7ls330300wrs.0.gmail; Wed, 27 Feb 2019 02:20:37 -0800 (PST) X-Google-Smtp-Source: APXvYqwDDtT1DcMWQ1g8sCMnFqSedMX0wc9V1KNFgFvssK4U/bP/UCwv0eR+xxCIrlp1bxhOknen X-Received: by 2002:a5d:4b82:: with SMTP id b2mr145810wrt.17.1551262837364; Wed, 27 Feb 2019 02:20:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551262837; cv=none; d=google.com; s=arc-20160816; b=DGjUIHKGSgnBe5duDiUqrLbC13WkgqB8RmsxgcThcvNQ76HvEiq2y1qpc7hNAJVOsL FAlez5Qv707HCTRnR55GwP99SnnMO3k1Ncw5+FSpmKVoqKSGJx5fv3FmSEmcJ2lQ/v3b GYK2z4rSTcqu7h4jc3V1b7fupAq0idx0qIGaHvrGGIEgBj/+WFT0KlXrOPLnvpwdY0B4 iw+8aD2Ks2HIVVtMDgGhbJhL1y2Ml+LE0WMrPqbonpVh0irb7W5sCgGh5yT1GtBPt2Te YI6xZki1KcMGhdEZPRj3au/MVmO2Fg87mCVT2PkK1xD4FnwynbTGS23Fg4/1jgN6xdH8 53mA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=l18D4LkzjIjXQ1eOFwN6vfmujdp7NuRIKcuWx3PIriY=; b=iyC4vPqYYpjgdk3Olf+ET6iYlOKNEIq8s9fTeBE/T1p61d/3Dijr/SUmQIIvcFYFil pUBV+TSnnnDVtTVrmpBajbOiOu5Y47saNQvzqCmDyTw3zrU2GYV08YIcU9nAql1j5y17 XqZKxdq1pT0ASsO0i0do1LUeE684LyCOEd89HwVUdcTROj1dZG0TYHneuB4VLDCSTOz4 U9jZOxMD5LuHXGJ95IYN6iInq4Sil/DN6r3Q4Ls53lOJvRdlvn7jz6Kwx2xNk1KtEF1Y Nr64Pd9Po0HRFcI1mtEa0iyBx+W3F79kLaH4TMNyt0ijl0oLmwyBp7g03S6HTEaKKDrc /nlA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id c24si86561wml.0.2019.02.27.02.20.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 Feb 2019 02:20:37 -0800 (PST) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=henning.schild@siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x1RAKZ62027897 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 27 Feb 2019 11:20:36 +0100 Received: from md1za8fc.ad001.siemens.net ([139.25.69.171]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x1RAKWDV020917; Wed, 27 Feb 2019 11:20:32 +0100 Date: Wed, 27 Feb 2019 11:20:32 +0100 From: Henning Schild To: Jan Kiszka Cc: "[ext] Adler, Michael" , "isar-users@googlegroups.com" , "claudius.heine.ext@siemens.com" , "Claudius Heine" Subject: Re: [PATCH] added 'isar-cfg-userpw' package Message-ID: <20190227112032.16869f81@md1za8fc.ad001.siemens.net> In-Reply-To: <20190227094605.10a419b2@md1za8fc.ad001.siemens.net> References: <20190218162113.8538-1-claudius.heine.ext@siemens.com> <20190225101852.6m6uqbaq24upaovp@demogorgon> <20190225113406.373e0ae9@md1za8fc.ad001.siemens.net> <1577ed53-0452-9b44-d107-ad13f7240e37@siemens.com> <20190227094605.10a419b2@md1za8fc.ad001.siemens.net> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: 8CHXuQRLH0tH On Wed, 27 Feb 2019 09:46:05 +0100 "[ext] Henning Schild" wrote: > On Tue, 26 Feb 2019 20:47:25 +0100 > Jan Kiszka wrote: > > > On 26.02.19 20:36, [ext] Jan Kiszka wrote: > > > On 25.02.19 11:34, [ext] Henning Schild wrote: > > >> Hi, > > >> > > >> this is not related to the package. But to any package that goes > > >> through common.sh and checks the ids. > > >> > > >> https://groups.google.com/forum/#!searchin/isar-users/Align$20UID$20and$20GID$20%7Csort:date/isar-users/S5W8D3X4Lkg/n7HbASWnAwAJ > > >> > > >> > > >> The result of this discussion was that we probably need to align > > >> the ids and hope we never get in trouble with the host. In this > > >> case we do! > > >> > > >> The alignment should be changed. If the group does exist (100) > > >> join the user and do not try and create a group. The check should > > >> be changed to make sure the gid is the main group gid, instead of > > >> 1000. > > > > > > FWIW, just ran into the same issue after purging my build folder > > > and retrying a clean "kas-docker --isar build". I'm not seeing it > > > with jailhouse-images where we do not use kas-docker yet and also > > > do not create the build folder outside of the container, thus with > > > host IDs. > > > > > > So, this needs to be fixed in our kas-isar container, I > > > suppose... > > > > No, the bug is really in common.sh, the container is fine: > > > > That script checks for group names, which is probably pointless. In > > this case, we are in the right group, that group just has an alias > > called "builder", but was originally called "users". > > > > Why the heck should we check the group? > > Because that is the most conservative we can get to check the complete > file ownership. I guess we should keep checking the group but just > make sure the the current gid is the gid of the user. > > - [ "$(id -gn)" != "builder" ] > + [ "$(id -g)" != "$(id -g builder)" > > ... same for root. Patch is on the way ... Henning > Henning > > > Jan > > >