Subordinate IDs support is required in order to enable creation of unprivileged containers. Pull a required change from upstream in order to make shadow cross-compile with subordinate IDs support. Enable flag in recipe.
Signed-off-by: Bogdan Purcareata <bogdan.purcare...@freescale.com> --- ..._of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch | 41 ++++++++++++++++++++ meta/recipes-extended/shadow/shadow.inc | 3 +- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch new file mode 100644 index 0000000..185590c --- /dev/null +++ b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch @@ -0,0 +1,41 @@ +From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 +From: James Le Cuirot <ch...@aura-online.co.uk> +Date: Sat, 23 Aug 2014 09:46:39 +0100 +Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF + +This built-in check is simpler than the previous method and, most +importantly, works when cross-compiling. + +Upstream-Status: Accepted +[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] + +Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com> +--- + configure.in | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/configure.in b/configure.in +index 1a3f841..4a4d6d0 100644 +--- a/configure.in ++++ b/configure.in +@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then + dnl + dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc + dnl +- AC_RUN_IFELSE([AC_LANG_SOURCE([ +-#include <sys/types.h> +-int main(void) { +- uid_t u; +- gid_t g; +- return (sizeof u < 4) || (sizeof g < 4); +-} +- ])], [id32bit="yes"], [id32bit="no"]) +- +- if test "x$id32bit" = "xyes"; then ++ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) ++ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) ++ ++ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then + AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) + enable_subids="yes" + else diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index b2a5f0e..9fada0d 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -16,6 +16,7 @@ SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ file://fix-installation-failure-with-subids-disabled.patch \ file://0001-su.c-fix-to-exec-command-correctly.patch \ file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ + file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ " @@ -52,7 +53,7 @@ EXTRA_OECONF += "--without-audit \ --without-libcrack \ --without-selinux \ --with-group-name-max-length=24 \ - --enable-subordinate-ids=no \ + --enable-subordinate-ids=yes \ ${NSCDOPT}" NSCDOPT = "" -- 1.7.10.4 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
