Hi Jose! I think you missed some parts.. here is the place where gumd copy extended file attributes as you desire. https://review.tizen.org/gerrit/gitweb?p=platform/upstream/gumd.git;a=blob;f=src/common/gum-file.c;h=a56126ab55879c6da324bacedb87c4191ddd2d37;hb=HEAD#l156
The reason to set smack labels for files came when by default gumd was creating/copying home folder and the smack label was either not set in /etc/skel or it was set (IIRC) "Systemd" So we have to fix that behaviour/issue. Nevertheless, it can be modified with minor changes provided we know that a- What should be the smack label for newly created folder/files in Tizen? b- /etc/skel has the correct extended attributes in Tizen, so when copying files gumd shouldnt make any changes? Can you please confirm above in Tizen and I will make sure that it is fixed in gumd accordingly :-) BR imran ________________________________________ From: José Bollo [[email protected]] Sent: 12 December 2014 17:59 To: Zaman, Imran Cc: Maciej Wereski; [email protected]; Ohly, Patrick Subject: Re: [Dev] useradd/del in postin/un Le jeudi 27 novembre 2014 à 12:15 +0000, Zaman, Imran a écrit : > HI > > Patrick, IMO gum-utils (offline mode) can be used for all the cases instead > of user/group add/del scripts. Please let me know if something is missing (or > needs improvements) I can add those to gumd. > One thing I know is to update the gum-utils documentation to be more clear. > > Jose, can you please elaborate exactly what do you think MUST be added to > gumd and is missing and then I can allocate my time for it? Hello Imran, Sorry for the long delay! I've just check how skeleton are created and I am thinking that it must be changed. Your implementation is setting the smack label to files in an uniform way: it reads the label to set in the configuration file and set it to all file created (except maybe, not sure, if config value is empty). The skeleton directory will contain more than one label. The directories for common media like picture, video, music for example will have the label SHARED while other directories will be transmuting with label PRIVATE, .... So what pwdutils is doing is to copy the files of skeleton and preserving their extended attributes. I am thinking that it is a more valuable solution. Best regards José Bollo > Maciej, IMO thats one of the downsides of systemd that it encapsulates > "everything" which it should not; maintainence, upgrades to systemd is always > challenging and cumbersome. More importantly with gumd in place, we can do > changes almost instantly as per our needs (see security manager and gumd > thread plz) rather than going for systemd's sysusers thingy. > > BR > imran > ________________________________________ > From: Dev [[email protected]] on behalf of Maciej Wereski > [[email protected]] > Sent: 27 November 2014 13:41 > To: [email protected] > Subject: Re: [Dev] useradd/del in postin/un > > Hello, > > 27.11.2014 at 10:23 Patrick Ohly <[email protected]> wrote: > > > Hello! > > It hasn't become clear to me in the gumd and image creation discussions > > whether .rpm postin/un scripts can still depend on useradd and userdel > > to create users for system services (example: avahi daemon runs as user > > "avahi") dynamically. > > > > If so, what are the right runtime dependencies (if any) to ensure that > > the commands are really available? > > > > If not, then I guess we maintain a static configuration of such daemons > > and never modify it during package install/uninstall? Again, avahi is a > > good example, because that's what's currently done for the "avahi" user > > (see > > https://review.tizen.org/gerrit/#/admin/projects/platform/upstream/setup). > > > In a few days systemd will be updated to v216. It contains feature called > sysusers, which is responsible for creating such users and groups. Package > that needs some users/groups should just provide appropriate config file. > More information can be found on man page: > <http://www.freedesktop.org/software/systemd/man/sysusers.d.html>. > > Is it possible to use this tool in Tizen? If yes, then we'll enable it > after update. > > cheers, > -- > Maciej Wereski > Samsung R&D Institute Poland > Samsung Electronics > [email protected] > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > --------------------------------------------------------------------- > Intel Finland Oy > Registered Address: PL 281, 00181 Helsinki > Business Identity Code: 0357606 - 4 > Domiciled in Helsinki > > This e-mail and any attachments may contain confidential material for > the sole use of the intended recipient(s). Any review or distribution > by others is strictly prohibited. If you are not the intended > recipient, please contact the sender and delete all copies. > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev --------------------------------------------------------------------- Intel Finland Oy Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 Domiciled in Helsinki This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
