[Buildroot] [PATCH 1/3] core: allow packages to declare a permission file
Yann E. MORIN
yann.morin.1998 at free.fr
Wed Dec 14 16:41:28 UTC 2016
Peter, All,
On 2016-12-13 23:28 +0100, Peter Korsgaard spake thusly:
> >>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
>
> > Currently, packages can define a variable that holds all the permissions
> > to set on the files it installs. This can be used to set various
> > permissions, like ownership, mode, suid/sgid/sticky bits to individual
> > files.
>
> > However, this variable has to contain entries that are known the moment
> > we scan the .mk file; it is not possible to conditionally add permisions
> > for files which presence depend on post-parse conditions.
>
> > This is the case for example for Busybox, for which we don't know whether
> > a specific applet will be enabled or not until after the configure
> > command has run.
>
> > Introduce a new variable that packages can set to point to a file that
> > contains a permission table. That filewill only be used when a filesystem
> > image is asembled, so the file can be generated, either at configure or
> > build time, with no problem.
>
> > Signed-off-by: "Yann E. MORIN" <yann.morin.1998 at free.fr>
>
> > ---
> > Note: this will be usefull for Busybox, to properly handle the SELinux
> > contexts of the individual applets.
> > ---
> > fs/common.mk | 1 +
> > package/pkg-generic.mk | 1 +
> > 2 files changed, 2 insertions(+)
>
> > diff --git a/fs/common.mk b/fs/common.mk
> > index 7515fdc..843f7ca 100644
> > --- a/fs/common.mk
> > +++ b/fs/common.mk
> > @@ -90,6 +90,7 @@ ifeq ($$(BR2_ROOTFS_DEVICE_CREATION_STATIC),y)
> > $$(call PRINTF,$$(PACKAGES_DEVICES_TABLE)) >> $$(FULL_DEVICE_TABLE)
> > endif
> > $$(call PRINTF,$$(PACKAGES_PERMISSIONS_TABLE)) >> $$(FULL_DEVICE_TABLE)
> > + cat $$(PACKAGES_PERMISSIONS_TABLE_FILES) >> $$(FULL_DEVICE_TABLE)
>
> We need to protect against the case where this is empty, similar to how
> we do it for the rootfs table files.
Indeed.
> Notice that you called it PACKAGES_PERMISSIONS_TABLE_FILES here and
> PACKAGES_PERMISSIONS_FILES elsewhere.
Yup, but as I said in the cover-letter, it was just to show how we could
let packages specify a permissions table rather than a in-line value.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list