diff options
| author | Anton D. Kachalov <gmouse@google.com> | 2021-02-04 15:13:57 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2021-04-12 23:11:13 +0300 |
| commit | 23e749b62bb4c541d19cf3b79611d9d40cb215e1 (patch) | |
| tree | f714bb8cd7ebdd8f1fdfd917def5d3b1ef9a810a | |
| parent | 57e15b1d5cf7749e6bd01c3ef484689f4191d51e (diff) | |
| download | openbmc-23e749b62bb4c541d19cf3b79611d9d40cb215e1.tar.xz | |
Enable Systemd NSS module to support DynamicUsers
DynamicUsers flag in systemd service configuration file required to create,
handle and recycle temporary users.
This is essential module for upcoming daemons' privilege separation work.
Reference: https://github.com/openbmc/openbmc/issues/3383
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Change-Id: Iabd709c4a20f754fc6ea505e640b2d361aba0be2
4 files changed, 7 insertions, 2 deletions
diff --git a/meta-phosphor/classes/obmc-phosphor-image.bbclass b/meta-phosphor/classes/obmc-phosphor-image.bbclass index 0a07fc6f4..c83dce32f 100644 --- a/meta-phosphor/classes/obmc-phosphor-image.bbclass +++ b/meta-phosphor/classes/obmc-phosphor-image.bbclass @@ -88,7 +88,9 @@ remove_etc_version() { } enable_ldap_nsswitch() { - sed -i 's/\(\(passwd\|group\|shadow\):\s*\).*/\1files ldap/' \ + sed -i 's/\(\(passwd\|group\):\s*\).*/\1files systemd ldap/' \ + "${IMAGE_ROOTFS}${sysconfdir}/nsswitch.conf" + sed -i 's/\(shadow:\s*\).*/\1files ldap/' \ "${IMAGE_ROOTFS}${sysconfdir}/nsswitch.conf" } diff --git a/meta-phosphor/conf/distro/include/phosphor-base.inc b/meta-phosphor/conf/distro/include/phosphor-base.inc index af2e6ef76..5b114810f 100644 --- a/meta-phosphor/conf/distro/include/phosphor-base.inc +++ b/meta-phosphor/conf/distro/include/phosphor-base.inc @@ -120,7 +120,7 @@ include conf/distro/include/openbmc-phosphor/${MACHINE}.inc IMAGE_CLASSES_append = " image_types_phosphor phosphor-rootfs-postcommands" IMAGE_CLASSES_append_npcm7xx = " image_types_phosphor_nuvoton" -IMAGE_INSTALL_append = " dbus-broker" +IMAGE_INSTALL_append = " dbus-broker libnss-systemd" # Skip the udev database by default. It adds around 2MB # compressed to the root filesystem, and probably doesn't diff --git a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend index b6c4222b2..30e562325 100644 --- a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend +++ b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend @@ -10,6 +10,8 @@ SRC_URI += " \ " do_install_append() { + sed -i 's/\(\(passwd\|group\):\s*\).*/\1files systemd/' \ + "${D}${sysconfdir}/nsswitch.conf" install -d ${D}/srv diff --git a/meta-phosphor/recipes-core/systemd/systemd_%.bbappend b/meta-phosphor/recipes-core/systemd/systemd_%.bbappend index f1046de20..1f0b95e39 100644 --- a/meta-phosphor/recipes-core/systemd/systemd_%.bbappend +++ b/meta-phosphor/recipes-core/systemd/systemd_%.bbappend @@ -6,6 +6,7 @@ PACKAGECONFIG = "\ hostnamed \ kmod \ networkd \ + nss \ pam \ randomseed \ resolved \ |