[Buildroot] how does buildroot avoid requireing root?

John Stile john at stilen.com
Sat Jun 29 17:08:44 UTC 2013


That does answer my question very well.
Thank you.

On Sat, 2013-06-29 at 10:49 +0200, Thomas Petazzoni wrote:
> Dear John Stile,
> 
> On Fri, 28 Jun 2013 17:47:16 -0700, John Stile wrote:
> > I am confused about how buildroot creates busybox.
> > 
> > There are notes that one must ensure that busybox setuid root.
> > 
> > Performing this operation must be performed as root:
> >    chown 0.0 /bin/busybox; chmod 4755 /bin/busybox
> > 
> > Yet when I use buildroot I never become root.
> > 
> > How does buildroot accomplish this?
> > 
> > In output/build/busybox-1.18.5 I see applets/install.sh calls:
> >   install -m 755 busybox $prefix/bin/busybox || exit 1
> > 
> > but I don't see how this becomes setuid?
> > 
> > On my embedded system, I see:
> > -rwsr-xr-x    1 root     root        605876 Jun 28  2013 /bin/busybox*
> 
> We use a combination of 'fakeroot' and 'makedevs'. From
> http://man.he.net/man1/fakeroot:
>    
>        	fakeroot runs a command in an environment wherein it
>        	appears to  have root  privileges  for  file
>        	manipulation.  This is useful for allowing users to
>        	create archives (tar, ar, .deb etc.) with files in them
>        	with root  permissions/ownership. Without  fakeroot one
>        	would need to have root privileges to create the
>        	constituent files of  the archives  with the correct
>        	permissions  and ownership, and then pack them up, or
>        	one would have to  construct  the  archives  directly,
>        	without using  the archiver.
> 
> 	fakeroot  works  by  replacing  the file manipulation library
>        	functions (chmod(2), stat(2) etc.) by ones that
>        	simulate  the effect  the  real library  functions would
>        	have had, had the user really been root. These wrapper
>        	functions are  in  a shared
>        	library  /usr/lib/libfakeroot.so* which is loaded
>        	through the LD_PRELOAD mechanism of the dynamic loader.
>        	(See ld.so(8))
> 
> Basically, we use fakeroot to run the following commands:
> 
> 	makedevs
> 	tar cf rootfs.tar output/target
> 
> And what makedevs does is that it reads some permission and device
> tables to create device files and adjust permissions. Those
> device/permission tables are constructed from system/device_table.txt
> (and system/device_table_dev.txt for devices) and also from individual
> package .mk files that use the <pkg>_PERMISSIONS and <pkg>_DEVICES
> mechanism. From package/busybox/busybox.mk:
> 
> define BUSYBOX_PERMISSIONS
> /bin/busybox                     f 4755 0 0 - - - - -
> /usr/share/udhcpc/default.script f 755  0 0 - - - - -
> endef
> 
> Here you see that we tell Buildroot to make Busybox a setuid binary.
> 
> Does that answer your question?
> 
> Best regards,
> 
> Thomas




More information about the buildroot mailing list