From 0af59a04135f067f0e01883defa77c6f714eab2e Mon Sep 17 00:00:00 2001 From: Peter Kjellerstedt Date: Fri, 12 Sep 2014 17:05:00 +0200 Subject: shadow: Make useradd work correctly with --root again Even if useradd --root is used it would still read login.defs before doing the chroot() and thus use the one provided by the host rather than the sysroot. (From OE-Core rev: b85917a4ebe636316fa7305017cd32a47b392039) Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie --- ...o-not-read-login.defs-before-doing-chroot.patch | 46 ++++++++++++++++++++++ meta/recipes-extended/shadow/shadow.inc | 1 + 2 files changed, 47 insertions(+) create mode 100644 meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch (limited to 'meta/recipes-extended') diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch new file mode 100644 index 0000000000..828b95a572 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch @@ -0,0 +1,46 @@ +From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 +From: Peter Kjellerstedt +Date: Thu, 11 Sep 2014 15:11:23 +0200 +Subject: [PATCH] Do not read login.defs before doing chroot() + +If "useradd --root ..." was used, the login.defs file would still +be read from /etc/login.defs instead of /etc/login.defs. This was +due to getdef_ulong() being called before process_root_flag(). + +Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] + +Signed-off-by: Peter Kjellerstedt +--- + src/useradd.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index a8a1f76..e1ebf50 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -1993,9 +1993,11 @@ int main (int argc, char **argv) + #endif /* USE_PAM */ + #endif /* ACCT_TOOLS_SETUID */ + ++#ifdef ENABLE_SUBIDS + /* Needed for userns check */ +- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); +- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); ++ uid_t uid_min; ++ uid_t uid_max; ++#endif + + /* + * Get my name so that I can use it to report errors. +@@ -2026,6 +2028,8 @@ int main (int argc, char **argv) + is_shadow_grp = sgr_file_present (); + #endif + #ifdef ENABLE_SUBIDS ++ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); ++ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); + is_sub_uid = sub_uid_file_present () && !rflg && + (!user_id || (user_id <= uid_max && user_id >= uid_min)); + is_sub_gid = sub_gid_file_present () && !rflg && +-- +1.9.0 + diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 84d1f864b7..6a769dfc5c 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -15,6 +15,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://usermod-fix-compilation-failure-with-subids-disabled.patch \ file://fix-installation-failure-with-subids-disabled.patch \ file://0001-su.c-fix-to-exec-command-correctly.patch \ + file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " -- cgit v1.2.3