Commit 4186c3a4 authored by Richard Neill's avatar Richard Neill

ewaol-distro: Reduce installed file permissions for 'others' where appropriate



For installed files which don't require 'others' to have 'read' permissions,
this patch reduces the permissions to be 0640.

Files changed:

  * Guest VM disk and kernel images
  * Xen Guest VM definition config files
  * Systemd override configuration for kernel printk verbosity

Issue-Id: SCM-4394
Signed-off-by: Richard Neill's avatarRichard Neill <richard.neill@arm.com>
Change-Id: Iafd7d15c4c4b54709f2f158bd3427dae1a090340
parent 73d2bda3
......@@ -15,6 +15,9 @@ do_install:append:ewaol() {
sed -i '/PS1/d' ${D}${sysconfdir}/skel/.bashrc
install -d ${D}${sysconfdir}/profile.d
# Others are given 'read' permission so that profile env vars are passed
# through to other user accounts correctly
install -m 0644 ${WORKDIR}/ewaol_profile.sh \
${D}${sysconfdir}/profile.d/ewaol_profile.sh
}
......
......@@ -65,8 +65,8 @@ do_install() {
envsubst < ${EWAOL_GUEST_VM_CFG_SRC} > ${D}${EWAOL_GUEST_VM_CFG_DST}
install -d ${D}${EWAOL_GUEST_VM_DATA}/${GUEST_VM_HOSTNAME}
install -Dm 0644 ${EWAOL_GUEST_VM_DISK_SRC} ${D}${EWAOL_GUEST_VM_DISK_DST}
install -Dm 0644 ${EWAOL_GUEST_VM_KERNEL_SRC} ${D}${EWAOL_GUEST_VM_KERNEL_DST}
install -Dm 0640 ${EWAOL_GUEST_VM_DISK_SRC} ${D}${EWAOL_GUEST_VM_DISK_DST}
install -Dm 0640 ${EWAOL_GUEST_VM_KERNEL_SRC} ${D}${EWAOL_GUEST_VM_KERNEL_DST}
done
}
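Review bot: The guest VM config written by `envsubst < ${EWAOL_GUEST_VM_CFG_SRC} > ${D}${EWAOL_GUEST_VM_CFG_DST}` at the top of this hunk takes its mode from the task's umask rather than from `install`, so it may still be readable by 'others'. The commit message lists the Xen guest config files among those reduced to 0640. Unless the mode is set on lines outside the hunk, add `chmod 0640 ${D}${EWAOL_GUEST_VM_CFG_DST}` straight after the redirect. The loop and do_install() start outside the hunk, so this should be checked against the full recipe.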
......
......@@ -76,7 +76,7 @@ do_install() {
DISK_NAME=$(echo "${PREBUILT_GUEST_VM_LIST_DISK}" | cut -d " " -f $guest_vm_instance)
install -d ${D}${sysconfdir}/xen/auto
install -Dm 0644 ${WORKDIR}/${CFG_NAME} ${D}${sysconfdir}/xen/auto/${CFG_NAME}
install -Dm 0640 ${WORKDIR}/${CFG_NAME} ${D}${sysconfdir}/xen/auto/${CFG_NAME}
KERNEL_DST=$(grep -oP '(?<=kernel = ")[^"]*' ${WORKDIR}/${CFG_NAME})
DISK_DST=$(grep -oP "(?<=target=)[^'\] ]*" ${WORKDIR}/${CFG_NAME})
......@@ -96,7 +96,7 @@ do_install() {
esac
install -d ${D}${DISK_DIRNAME}
install -Dm 0644 ${WORKDIR}/${DISK_NAME} ${D}${DISK_DST}
install -Dm 0640 ${WORKDIR}/${DISK_NAME} ${D}${DISK_DST}
KERNEL_DIRNAME=$(dirname ${KERNEL_DST})
case "${KERNEL_DIRNAME}" in
......@@ -113,7 +113,7 @@ do_install() {
esac
install -d ${D}${KERNEL_DIRNAME}
install -Dm 0644 ${WORKDIR}/${KERNEL_NAME} ${D}${KERNEL_DST}
install -Dm 0640 ${WORKDIR}/${KERNEL_NAME} ${D}${KERNEL_DST}
done
if [ ${error} -ne 0 ]; then
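Review bot: The 0640 installs for the guest config, disk and kernel in these hunks carry no comment, while the same commit documents why the profile.d and network files stay at 0644; a later edit could widen them again without noticing the intent. Add a line such as `# Guest VM configs and images need no 'read' access for others` above the first install, and likewise at the 0640 installs in the other guest VM recipe. Mode 0640 still grants group read, so the effective exposure depends on the owning group, which these lines do not set; it is worth confirming in the packaged image that the files end up root:root. do_install() starts and ends outside the hunks.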
......
......@@ -22,6 +22,10 @@ SRC_URI:append= "\
"
do_install:append() {
# Services are not executed as root, so all users need 'read' permission to
# the config
if ${@bb.utils.contains('PACKAGECONFIG', 'dhcp-ethernet', 'true', 'false', d)}; then
NETWORK_CONF_DIR="${sysconfdir}/systemd/network/80-wired.network.d"
install -Dm 0644 ${WORKDIR}/${NETWORK_CONF_FILE} \
......
# Copyright (c) 2021, Arm Limited.
# Copyright (c) 2021-2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
......@@ -9,6 +9,6 @@ QUIET_PRINTK = "20-quiet-printk.conf"
SRC_URI:append = "file://${QUIET_PRINTK}"
do_install:append() {
install -Dm 0644 ${WORKDIR}/${QUIET_PRINTK} \
install -Dm 0640 ${WORKDIR}/${QUIET_PRINTK} \
${D}${sysconfdir}/sysctl.d/${QUIET_PRINTK}
}
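Review bot: Restricting the sysctl.d drop-in to 0640 keeps the file itself private, but it probably does not hide the setting. If the file only sets kernel.printk (its content is not visible here), the applied value stays readable by any user through `/proc/sys/kernel/printk`, so this is consistency hardening rather than confidentiality. A short comment would record the intent, e.g. `# Only read by root when sysctl settings are applied; others need no access`.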