From: "P. Levine"
Date: Mon, 22 Feb 2010 13:44:13 -0500
To: gentoo-embedded@lists.gentoo.org
Subject: Re: [gentoo-embedded] emerge --root : users not created
Message-id: <4B82D07D.1090509@verizon.net>
In-reply-to: <20100222151903.28288.qmail@stuge.se>
References: <4B8297AA.9020502@verizon.net> <20100222151903.28288.qmail@stuge.se>

On 02/22/2010 10:19 AM, Peter Stuge wrote:
> P. Levine wrote:
>> It seems absurd to add support for chroot() in useradd and groupadd
>> without userdel and groupdel, so the patch includes support for them.
>
> gpasswd has also been mentioned.
> Please check what
> portage/eclass/eutils.eclass actually uses, or ideally add the flag
> to all the shadow utilities?

I did check the eclasses. Eutils calls useradd and groupadd. The only other mention of a shadow utility is games.eclass with:

ewarn "Just run 'gpasswd -a ${GAMES_GROUP}', then have re-login."

I would consider patching all of the shadow utilities to be ideal. But I'm not sure whether the shadow devs would. I was under the impression this was for useradd and groupadd (and, consequently, userdel and groupdel). I'll try to get a hold of them on IRC when I get a chance.

>> xfgetXXbyYY
>
> Why is all that required? It's a mess. Please explain?
>
>
> //Peter

From my previous post:

> There are a number of calls to "getXXbyYY" functions (i.e., getgrgid,
> getpwnam, etc...). These seem to be dynamically preloaded and access
> preloaded databases. They are unaffected by chroot() (even after
> setting __nss_configure_lookup(foo, files)). I've instead used shadow's
> own method of macro expansion to generate functions doing the
> equivalent, with recursive calls to fgetXXent functions.

There are numerous calls to libc functions such as getgrgid and getpwnam by shadow's own xgetgrgid and xgetpwnam. These are generated by files containing macros, and at the bottom there's #include xgetXXbyYY.c, a file that does the macro expansion. In the end, they generate wrapper functions to initialize buffers, call the function, and duplicate and return the struct. xgetgrgid, for instance, calls getgrgid to search the group database for a particular gid, and returns a pointer to the group struct if it exists. The problem is that the databases are dynamically preloaded and chroot() will not affect them. The only mention in the glibc manual about forcing related functions to use a particular database method is by calling __nss_configure_lookup.
Even if this did work with chroot() it would be initializing databases from $ROOT/etc as the system databases for the duration, which would be absurdly dangerous in a system where other utils and libs could call on the same databases.

Glibc offers fgetXXent functions (fgetpwent, for example) which, simply, sequentially return the next struct from a file stream supplied as the argument. There are no fgetgrgid or fgetpwnam functions. My original patch supplied those functions using its own xfgetXXbyYY.c and associated macro files by recursively calling fgetXXent functions and comparing the struct member to the argument.

But after looking at userdel.c and groupdel.c, I saw that they made calls to setXXent, getXXent, and endXXent functions (which use the system database) that would have changed too many lines of their code if patched. So I added fsetXXent, fgetXXent, and fendXXent functions, and changed all the others to, very simply, call on those.

The chroot.c file might seem like a mess but it's actually quite organized, and if you cd to the patched source directory, configure, run "gcc -E -I ./lib -I . -o chroot.expaded.c ./libmisc/chroot.c", and scroll to the bottom of chroot.expaded.c, you'll see what functions those macros expand to.
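An added example, not part of this message or of the shadow patch it describes: a chroot-aware getpwnam() built the way the mail outlines, i.e. fgetpwent() walked over $ROOT/etc/passwd with a field compare, and a deep copy of the hit in the style of shadow's xget wrappers. It assumes glibc (fgetpwent() is a GNU/BSD extension, not POSIX); the names fgetpwnam_stream, fgetpwnam_root, pw_dup, pw_free and open_sample_passwd, and the sample passwd lines, are this example's own and do not come from shadow.

```c
/* Added example (illustration, not code from the shadow patch under discussion)
 * of the lookup the mail describes: instead of getpwnam(), which goes through
 * NSS and ignores chroot(), walk a passwd-format stream with fgetpwent() and
 * compare the wanted field.  Assumes glibc; the *_stream/_root names are ours. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same prototype as glibc's; harmless if <pwd.h> already declared it. */
struct passwd *fgetpwent(FILE *stream);

void pw_free(struct passwd *pw)
{
    if (pw == NULL) return;
    free(pw->pw_name); free(pw->pw_passwd); free(pw->pw_gecos);
    free(pw->pw_dir); free(pw->pw_shell); free(pw);
}

/* fgetpwent() returns a pointer into a static buffer that the next call
 * overwrites, so a hit is deep-copied, as shadow's xget wrappers do. */
static struct passwd *pw_dup(const struct passwd *src)
{
    struct passwd *dst = calloc(1, sizeof *dst);
    if (dst == NULL) return NULL;
    dst->pw_uid = src->pw_uid;
    dst->pw_gid = src->pw_gid;
    dst->pw_name = strdup(src->pw_name);
    dst->pw_passwd = strdup(src->pw_passwd);
    dst->pw_gecos = strdup(src->pw_gecos);
    dst->pw_dir = strdup(src->pw_dir);
    dst->pw_shell = strdup(src->pw_shell);
    if (!dst->pw_name || !dst->pw_passwd || !dst->pw_gecos ||
        !dst->pw_dir || !dst->pw_shell) {
        pw_free(dst);
        errno = ENOMEM;
        return NULL;
    }
    return dst;
}

/* Sequential search by name over an already-open passwd-format stream.  NSS
 * is never consulted, so the host's database cannot leak into the answer.
 * Returns a heap copy (release with pw_free) or NULL when absent. */
struct passwd *fgetpwnam_stream(FILE *fp, const char *name)
{
    struct passwd *pw;
    rewind(fp);                       /* allow repeated lookups on one stream */
    while ((pw = fgetpwent(fp)) != NULL)
        if (strcmp(pw->pw_name, name) == 0)
            return pw_dup(pw);
    return NULL;
}

/* Look a name up in <root>/etc/passwd, i.e. the emerge --root / $ROOT target,
 * rather than in the running system's file. */
struct passwd *fgetpwnam_root(const char *root, const char *name)
{
    char path[4096];
    if (snprintf(path, sizeof path, "%s/etc/passwd", root) >= (int)sizeof path) {
        errno = ENAMETOOLONG;
        return NULL;
    }
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return NULL;
    struct passwd *pw = fgetpwnam_stream(fp, name);
    int saved = errno;
    fclose(fp);
    errno = saved;
    return pw;
}

/* Constructed sample database (not any real system's file), served as a
 * stream so the search can run without touching the real /etc/passwd. */
FILE *open_sample_passwd(void)
{
    static const char sample[] =
        "root:x:0:0:root:/root:/bin/sh\n"
        "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
        "build:x:1000:1000:Build User:/home/build:/bin/bash\n";
    FILE *fp = tmpfile();
    if (fp == NULL) return NULL;
    fputs(sample, fp);
    rewind(fp);
    return fp;
}

int main(void)
{
    FILE *fp = open_sample_passwd();
    struct passwd *pw = fp ? fgetpwnam_stream(fp, "build") : NULL;
    if (pw) printf("%s uid=%u shell=%s\n", pw->pw_name, (unsigned)pw->pw_uid, pw->pw_shell);
    pw_free(pw);
    if (fp) fclose(fp);
    return pw ? 0 : 1;
}
```

Because fgetpwent() parses the file it is handed and never touches nsswitch.conf or the NSS modules, the host's accounts cannot show up in a $ROOT lookup and nothing system-wide is reconfigured for the duration, which is the property the mail is after. The trade-off is that only the files backend exists for the target, which is exactly the situation for a freshly populated $ROOT. The group equivalent (fgetgrent() over <root>/etc/group, comparing gr_name or gr_gid) follows the same shape.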