package/petitboot: run UI as non-root user
Though the petitboot UI is a user application, it is currently being
run by root only because we use getty to display it on the console.
Create an unprivileged user to run the UI instead. The unix socket the
pb-discover daemon sets up is accessible to "petitgroup", so that should
be the gid, with arbitrary uid "petituser" to match.
This is currently the chain of processes leading to the UI:
1. /etc/init.d/pb-console start console
2. /usr/libexec/petitboot/pb-console --getty --detach -- -n -i 0 console linux
3. /sbin/getty -l/usr/libexec/petitboot/pb-console -n -i 0 console linux
4. /usr/libexec/petitboot/pb-console
5. /usr/sbin/petitboot-nc
Instead of (3) running the pb-console helper directly with "getty -l",
we can use "agetty -a" to autologin petituser, and run pb-console via
petituser's login shell:
1. /etc/init.d/pb-console start console
2. /usr/libexec/petitboot/pb-console --getty=/sbin/agetty --detach -- -a petituser -n -i console linux
3. /sbin/agetty -a petituser -n -i console linux
4. /home/petituser/.profile
5. /usr/libexec/petitboot/pb-console
6. /usr/sbin/petiboot-nc
Here, everything from (4) down is running as petituser. In (4), use
$PPID to determine if we're logging in via getty, so that logging in by
other means will give a normal shell. Otherwise we would recurse when
trying to get a shell from the menu.
Signed-off-by: Reza Arbab <[email protected]>
[Arnout: explicitly select util-linux, even though it comes indirectly
through other dependencies]
Signed-off-by: Arnout Vandecappelle <[email protected]>
projects / buildroot-mgba.git / commit