[yocto] Fwd: [meta-security][PATCH 1/2] Bastille: make questions files writable

mulhern mulhern at gmail.com
Wed Sep 25 15:02:48 PDT 2013 

---------- Forwarded message ----------
From: mulhern <mulhern at gmail.com>
Date: Wed, Sep 25, 2013 at 6:00 PM
Subject: Re: [yocto] [meta-security][PATCH 1/2] Bastille: make questions
files writable
To: Joe MacDonald <joe at deserted.net>


Hi!

Thanks for the patch, however the problem addressed by patch 1/2 already
has a fix in progress, see
https://bugzilla.yoctoproject.org/show_bug.cgi?id=5177.

- mulhern


On Fri, Sep 20, 2013 at 12:20 AM, Joe MacDonald <joe at deserted.net> wrote:

> do_install would fail when trying to update the questions files during the
> set_required_questions.py stage since the default permissions in the
> Questions/ did not allow writing.  So the shutil.move() in
> set_required_questions.py would raise and IOError:
>
> Fatal error reading config file: [Errno 13] Permission denied:
> '[...]/bastille/3.2.1-r0/Bastille/Questions/AccountSecurity.txt'
>
> for each Questions file.  The most direct approach seems to work
> reasonably well here, jump in before set_required_questions.py gets run
> and make sure we have write permission on the files we're going to write.
>
> Signed-off-by: Joe MacDonald <joe at deserted.net>
> ---
>  recipes-security/bastille/bastille_3.2.1.bb |    1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/recipes-security/bastille/bastille_3.2.1.bbb/recipes-security/bastille/
> bastille_3.2.1.bb
> index ef697d7..d506399 100644
> --- a/recipes-security/bastille/bastille_3.2.1.bb
> +++ b/recipes-security/bastille/bastille_3.2.1.bb
> @@ -143,6 +143,7 @@ do_install () {
>         install -m 0644 OSMap/OSX.bastille    ${D}${datadir}/Bastille/OSMap
>         install -m 0644 OSMap/OSX.system    ${D}${datadir}/Bastille/OSMap
>
> +       chmod +w Questions/*.txt
>         ${THISDIR}/files/set_required_questions.py ${WORKDIR}/config
> Questions
>
>         install -m 0777 ${WORKDIR}/config ${D}${sysconfdir}/Bastille/config
> --
> 1.7.10.4
>
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20130925/710facc2/attachment.html>

More information about the yocto mailing list