DistroKit Mailinglist
* [DistroKit] [PATCH 0/2] Prepare for PTXdist 2020.04.0
@ 2020-04-09  7:37 Michael Olbrich
  2020-04-09  7:37 ` [DistroKit] [PATCH 1/2] ptxd_make_nfsd_exec: sync with upstream Michael Olbrich
  2020-04-09  7:37 ` [DistroKit] [PATCH 2/2] platform-v7a: run: use security_model=mapped-file when possible Michael Olbrich
  0 siblings, 2 replies; 5+ messages in thread
From: Michael Olbrich @ 2020-04-09  7:37 UTC (permalink / raw)
  To: distrokit; +Cc: Michael Olbrich

Hi,

Here are some changes that are needed/useful for PTXdist 2020.04.0.
The ptxd_make_nfsd_exec function has changed upstream so this first commit
ensures that they are in sync again.
The second patch makes use of the new features and enables
security_model=mapped-file for the 9p rootfs when possible.

Note that both changes are backwards compatible. This can be merged before
the update to 2020.04.0.

Michael

Michael Olbrich (2):
  ptxd_make_nfsd_exec: sync with upstream
  platform-v7a: run: use security_model=mapped-file when possible

 configs/platform-v7a/run                           | 12 +++++++++---
 configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh | 10 ++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

-- 
2.20.1


_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de


* [DistroKit] [PATCH 1/2] ptxd_make_nfsd_exec: sync with upstream
  2020-04-09  7:37 [DistroKit] [PATCH 0/2] Prepare for PTXdist 2020.04.0 Michael Olbrich
@ 2020-04-09  7:37 ` Michael Olbrich
  2020-04-09  7:55   ` Robert Schwebel
  2020-04-09  7:37 ` [DistroKit] [PATCH 2/2] platform-v7a: run: use security_model=mapped-file when possible Michael Olbrich
  1 sibling, 1 reply; 5+ messages in thread
From: Michael Olbrich @ 2020-04-09  7:37 UTC (permalink / raw)
  To: distrokit; +Cc: Michael Olbrich

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
---
 configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh b/configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh
index 00fb2e8222e0..5a95628b5324 100644
--- a/configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh
+++ b/configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh
@@ -8,6 +8,7 @@
 
 ptxd_make_nfsd_exec() {
     local port
+    local client_specifications
     local root="/$(basename "${ptx_nfsroot}")"
     local base="$(dirname "${ptx_nfsroot}")"
 
@@ -15,13 +16,18 @@ ptxd_make_nfsd_exec() {
 	port=2049
     fi
 
+    if ! client_specifications="$(ptxd_get_kconfig "${PTXDIST_BOARDSETUP}" "PTXCONF_BOARDSETUP_NFSROOT_CLIENT_SPECIFICATIONS")"; then
+	client_specifications="(rw,no_root_squash)"
+    fi
+
     echo
     echo "Mount rootfs with nfsroot=${root},v3,tcp,port=${port},mountport=${port}"
     echo
 
     #insecure for qemu with -net user
-    echo "/ (rw,no_root_squash,insecure)" > "${PTXDIST_TEMPDIR}/exports" &&
-    UNFS_BASE="${base}" unfsd -e "${PTXDIST_TEMPDIR}/exports" -n ${port} -m ${port} -p -d
+    client_specifications="${client_specifications},insecure"
+    echo "/ ${client_specifications}" > "${PTXDIST_TEMPDIR}/exports" &&
+    UNFS_BASE="${base}" unfsd -e "${PTXDIST_TEMPDIR}/exports" -n ${port} -m ${port} -p -d "${@}"
 }
 export -f ptxd_make_nfsd_exec
 
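Review bot: The `,insecure` append below the `#insecure for qemu with -net user` comment lands outside the option list when the fallback is used: `(rw,no_root_squash)` plus `,insecure` writes `/ (rw,no_root_squash),insecure` to the exports file, where the removed line wrote `/ (rw,no_root_squash,insecure)`. The same happens for any kconfig value that is parenthesised like the fallback. Consider stripping the trailing `)` before appending, for example `client_specifications="${client_specifications%)},insecure)"`. Separately, `"${@}"` now forwards the caller's arguments straight to unfsd on an export that already carries no_root_squash; a short comment naming the options callers are expected to pass would help.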
-- 
2.20.1



* [DistroKit] [PATCH 2/2] platform-v7a: run: use security_model=mapped-file when possible
  2020-04-09  7:37 [DistroKit] [PATCH 0/2] Prepare for PTXdist 2020.04.0 Michael Olbrich
  2020-04-09  7:37 ` [DistroKit] [PATCH 1/2] ptxd_make_nfsd_exec: sync with upstream Michael Olbrich
@ 2020-04-09  7:37 ` Michael Olbrich
  2020-04-09  7:56   ` Robert Schwebel
  1 sibling, 1 reply; 5+ messages in thread
From: Michael Olbrich @ 2020-04-09  7:37 UTC (permalink / raw)
  To: distrokit; +Cc: Michael Olbrich

PTXdist can now provide the necessary metadata files for
security_model=mapped-file. With this enabled, the rootfs on 9p has the
correct ownership and permissions.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
---
 configs/platform-v7a/run | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/configs/platform-v7a/run b/configs/platform-v7a/run
index 3a65c43da7be..1dc4fd645d88 100755
--- a/configs/platform-v7a/run
+++ b/configs/platform-v7a/run
@@ -67,6 +67,12 @@ fi
 
 BASE_CMDLINE="console=ttyAMA0,115200 loglevel=5 systemd.log_level=warning systemd.show_status=auto"
 
+if [ -d "${PTXDIST_PLATFORMDIR}/root/.virtfs_metadata" ]; then
+	security_model="mapped-file"
+else
+	security_model="none"
+fi
+
 # Machine to emulate
 QEMU_ARGS=( -machine vexpress-a9 -cpu cortex-a9 -smp 4 -m 1024M )
 # disable graphics output
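Review bot: The `else` branch falls back to `security_model="none"` silently, so a platform directory without `root/.virtfs_metadata` keeps running with the old model and the user gets no hint that the ownership and permission mapping described in the commit message is not in effect. Consider printing a one-line notice in that branch, and a comment above the `if` stating that the directory is provided by PTXdist.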
@@ -122,7 +128,7 @@ check_flash() {
 run_qemu_9p() {
 	exec ${QEMU_EXEC} \
 		"${QEMU_ARGS[@]}" \
-		-fsdev local,id=rootfs,path=${PTXDIST_PLATFORMDIR}/root,security_model=none \
+		-fsdev local,id=rootfs,path=${PTXDIST_PLATFORMDIR}/root,security_model="${security_model}" \
 		-device virtio-9p-device,fsdev=rootfs,mount_tag=/dev/root \
 		"${QEMU_EXTRA_ARGS[@]}" \
 		"${QEMU_LINUX_ARGS[@]}" \
@@ -164,9 +170,9 @@ run_qemu_barebox() {
 	exec ${QEMU_EXEC} \
 		"${QEMU_ARGS[@]}" \
 		-smp 1 \
-		-fsdev local,id=rootfs,path=${PTXDIST_PLATFORMDIR}/root,security_model=none \
+		-fsdev local,id=rootfs,path=${PTXDIST_PLATFORMDIR}/root,security_model="${security_model}" \
 		-device virtio-9p-device,fsdev=rootfs,mount_tag=/dev/root \
-		-fsdev local,id=images,path=${PTXDIST_PLATFORMDIR}/images,security_model=none \
+		-fsdev local,id=images,path=${PTXDIST_PLATFORMDIR}/images,security_model="${security_model}" \
 		-device virtio-9p-device,fsdev=images,mount_tag=/dev/images \
 		-drive if=sd,format=raw,file=${PTXDIST_PLATFORMDIR}/images/vexpress.hdimg,id=mmc0 \
 		-drive if=pflash,format=raw,file=${PTXDIST_PLATFORMDIR}/images/vexpress.norimg,id=nor0 \
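Review bot: The `id=images` share in run_qemu_barebox now takes `${security_model}` as well, but the check that sets it only tests `${PTXDIST_PLATFORMDIR}/root/.virtfs_metadata`; nothing in this patch establishes that `${PTXDIST_PLATFORMDIR}/images` carries matching metadata. Either keep `security_model=none` for the images share or test that directory separately. Also, the new quotes cover only `${security_model}`, while `path=${PTXDIST_PLATFORMDIR}/root` in the same word stays unquoted here and in run_qemu_9p; quoting the whole `-fsdev` argument would be more consistent.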
-- 
2.20.1



* Re: [DistroKit] [PATCH 1/2] ptxd_make_nfsd_exec: sync with upstream
  2020-04-09  7:37 ` [DistroKit] [PATCH 1/2] ptxd_make_nfsd_exec: sync with upstream Michael Olbrich
@ 2020-04-09  7:55   ` Robert Schwebel
  0 siblings, 0 replies; 5+ messages in thread
From: Robert Schwebel @ 2020-04-09  7:55 UTC (permalink / raw)
  To: Michael Olbrich; +Cc: distrokit

On Thu, Apr 09, 2020 at 09:37:30AM +0200, Michael Olbrich wrote:
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> ---
>  configs/platform-v7a/scripts/lib/ptxd_make_nfsd.sh | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)

Applied to next.

rsc
-- 
Pengutronix e.K.                           | Dipl.-Ing. Robert Schwebel  |
Steuerwalder Str. 21                       | https://www.pengutronix.de/ |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


* Re: [DistroKit] [PATCH 2/2] platform-v7a: run: use security_model=mapped-file when possible
  2020-04-09  7:37 ` [DistroKit] [PATCH 2/2] platform-v7a: run: use security_model=mapped-file when possible Michael Olbrich
@ 2020-04-09  7:56   ` Robert Schwebel
  0 siblings, 0 replies; 5+ messages in thread
From: Robert Schwebel @ 2020-04-09  7:56 UTC (permalink / raw)
  To: Michael Olbrich; +Cc: distrokit

On Thu, Apr 09, 2020 at 09:37:31AM +0200, Michael Olbrich wrote:
> PTXdist can now provide the necessary metadata files for
> security_model=mapped-file. With this enabled, the rootfs on 9p has the
> correct ownership and permissions.
> 
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> ---
>  configs/platform-v7a/run | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)

Applied to next.

rsc
