[yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
Kumar, Shrawan
Shrawan.Kumar at harman.com
Tue Aug 16 04:55:19 PDT 2016
Thanks Joshua,
"postinst" works!! I could see the attributes set under "poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-minimal/1.0-r0/rootfs/".
However, I still could not see the attributes after booting qemu. It seems during rootfs.ext4 (mkfs.ext4 command )creation when "create_image_ext4.sh" is called , again this is getting lost.
Any idea on this ?
Regards
Shrawan
-----Original Message-----
From: Joshua G Lock [mailto:joshua.g.lock at linux.intel.com]
Sent: Friday, August 12, 2016 7:22 PM
To: Kumar, Shrawan; yocto at yoctoproject.org
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +0000, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file: helloworld #
> owner: user1 # group: group1 user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to preserve xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly dpkg and rpm) don't have any support for xattrs in packages (an image is populated via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL is to use a postinst[2] to set the attributes after the package has been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
More information about the yocto
mailing list