[Buildroot] [PATCH v4 16/20] busybox: add option to install individual binaries
Clayton Shotwell
clshotwe at rockwellcollins.com
Tue Dec 17 17:47:20 UTC 2013
Thomas,

Thomas Petazzoni <thomas.petazzoni at free-electrons.com> wrote on 12/15/2013 10:10:59 AM:
> > >
> > > +config BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES
> > > + bool "Individual binaries"
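Review bot: the config BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES entry carries only the prompt "Individual binaries", with no help text and no dependency line. Add a help block saying what changes in the installed image when the option is on and why someone would enable it, and state any build constraint as an explicit "depends on" line so the option cannot be selected in a configuration where it does not work.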
> >
> > This really lacks some help text, even I had no idea what it meant
> > at first. I guess the text from busybox can just be reused - though
> > for SELinux there's obviously a different reason.
>
> In fact, the patches from me in this series were not really meant to be
> sent to the list. They are proof-of-concept patches that I did to help
> Clayton, but some more work was needed before they could be submitted for
> real.

I apologize for just sending these out without any context or much of a
second review. I will get them cleaned up a little bit and resubmit them.

> > If your CPU architecture doesn't allow for sharing
> > text/rodata sections of running binaries, but allows for runtime
> > dynamic libraries, this option will allow you to reduce memory
> > footprint when you have many different applets running at once.
> >
> > If your CPU architecture allows for sharing text/rodata,
> > having single binary is more optimal.
> >
> > Each applet will be a tiny program, dynamically linked
> > against libbusybox.so.N.N.N.
> >
> > You need to have a working dynamic linker.
>
> In the context of SELinux, it's because SELinux can only apply
> different security policies to the various applets if they use
> different binaries.
>
> > That last sentence makes me think that we're missing a depends on
> > !BR2_PREFER_STATIC here.
>
> Indeed.
>
> Also, I am not sure we want to show this option in the top-level
> package menuconfig. So, we can either:
>
> * Have a sub-menu for Busybox customization options
> * Make this behavior automatic whenever SELinux support is enabled,
> and only in this case
>
> > > +ifeq ($(BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES),y)
> > > +define BUSYBOX_PERMISSIONS
> > > +/usr/share/udhcpc/default.script f 755 0 0 - - - - -
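Review bot: the BUSYBOX_PERMISSIONS table inside the ifeq shows a single entry, /usr/share/udhcpc/default.script at mode 755, so none of the per-applet binaries receives a setuid bit in this configuration. Add one line per applet that has to run as root when started by an unprivileged user, with mode 4755 and owner 0 0, and keep that list as short as possible so the bit stays confined to those binaries. If the define continues beyond the lines quoted here, confirm those entries are present there.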
> >
> > Isn't setuid root needed anymore for /bin/login? Same for passwd,
> > su, probably others...
>
> Most likely yes. I have been able to log into the system with this
> patch, though.

I will come up with a base list of applications that need suid and add
it to the patch.

Thanks,
Clayton
Clayton Shotwell
Software Engineer
clshotwe at rockwellcollins.com
www.rockwellcollins.com
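
The point made in the thread about SELinux policies and setuid, as an added example that is not part of the original messages or of Buildroot: it groups the command names in a root filesystem tree by the file they resolve to, since names that share one file share one mode and one SELinux file label. The function names and the sample layout are assumptions made for the illustration, and only links in the final path component are re-rooted.

```python
import os
import stat
from collections import defaultdict

def resolve_in_root(rootfs, path, max_hops=16):
    """Follow file symlinks as the target would, treating rootfs as '/'."""
    for _ in range(max_hops):
        if not os.path.islink(path):
            break
        link = os.readlink(path)
        if os.path.isabs(link):
            path = os.path.join(rootfs, link.lstrip("/"))
        else:
            path = os.path.normpath(os.path.join(os.path.dirname(path), link))
    return path

def shared_binaries(rootfs):
    """Map each file reached under several names to those names and its setuid bit."""
    groups = defaultdict(lambda: {"paths": set(), "names": set(), "setuid": False})
    for dirpath, _dirs, files in os.walk(rootfs):
        for name in files:
            entry = os.path.join(dirpath, name)
            real = resolve_in_root(rootfs, entry)
            try:
                st = os.lstat(real)
            except OSError:
                continue  # dangling link
            if not stat.S_ISREG(st.st_mode):
                continue  # device node, FIFO, or a link chain that did not end
            # One inode carries one mode and one SELinux file label, so every
            # name grouped here gets the same setuid bit and the same label.
            g = groups[(st.st_dev, st.st_ino)]
            g["paths"].add(os.path.relpath(real, rootfs))
            g["names"].add(os.path.relpath(entry, rootfs))
            g["setuid"] = bool(st.st_mode & stat.S_ISUID)
    return {min(g["paths"]): {"names": sorted(g["names"]), "setuid": g["setuid"]}
            for g in groups.values() if len(g["names"]) > 1}

def build_sample_rootfs(root):
    """Constructed sample tree: three applet links onto one setuid busybox file."""
    os.makedirs(os.path.join(root, "usr", "bin"))
    os.makedirs(os.path.join(root, "bin"))
    busybox = os.path.join(root, "bin", "busybox")
    with open(busybox, "wb") as f:
        f.write(b"\x7fELF")  # placeholder bytes, not a real executable
    os.chmod(busybox, 0o4755)
    os.symlink("busybox", os.path.join(root, "bin", "login"))
    os.symlink("/bin/busybox", os.path.join(root, "bin", "su"))
    os.symlink("../../bin/busybox", os.path.join(root, "usr", "bin", "passwd"))
```

Calling shared_binaries() on a Buildroot output/target directory lists every group of applets that can only be labelled or made setuid together; with individual binaries installed the result for busybox applets should be empty.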