@@ -16,6 +16,7 @@ config BR2_PACKAGE_PETITBOOT
select BR2_PACKAGE_KEXEC_LITE if BR2_PACKAGE_KEXEC_LITE_ARCH_SUPPORTS && !BR2_PACKAGE_KEXEC
select BR2_PACKAGE_NVME if ( BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le )
select BR2_PACKAGE_POWERPC_UTILS if ( BR2_powerpc || BR2_powerpc64 || BR2_powerpc64le )
+ select BR2_PACKAGE_UTIL_LINUX_AGETTY
help
Petitboot is a small kexec-based bootloader
@@ -12,7 +12,9 @@ fi
start() {
printf 'Starting %s: ' "$DAEMON"
- mkdir -p /var/log/petitboot
+ # shellcheck disable=SC2174 # only apply -m to deepest dir
+ mkdir -p -m 0775 /var/log/petitboot
+ chown petituser:petitgroup /var/log/petitboot
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -S -q -b -m -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
@@ -3,14 +3,16 @@
DAEMON="pb-console"
PB_CONSOLE_PORT=${2:-"console"}
-PB_CONSOLE_ARGS="--getty --detach -- -n -i 0 $PB_CONSOLE_PORT linux"
+PB_CONSOLE_ARGS="--getty=/sbin/agetty --detach -- -a petituser -n -i $PB_CONSOLE_PORT linux"
# shellcheck source=/dev/null
[ -r "/etc/default/petitboot" ] && . "/etc/default/petitboot"
start() {
printf 'Starting %s on %s: ' "$DAEMON" "$PB_CONSOLE_PORT"
- mkdir -p /var/log/petitboot
+ # shellcheck disable=SC2174 # only apply -m to deepest dir
+ mkdir -p -m 0775 /var/log/petitboot
+ chown petituser:petitgroup /var/log/petitboot
# shellcheck disable=SC2086 # we need the word splitting
start-stop-daemon -S -q -x "/usr/libexec/petitboot/$DAEMON" \
@@ -84,6 +84,8 @@ define PETITBOOT_POST_INSTALL
$(TARGET_DIR)/etc/init.d/pb-console
$(INSTALL) -D -m 0755 $(PETITBOOT_PKGDIR)/pb-shell \
$(TARGET_DIR)/usr/libexec/petitboot/pb-shell
+ $(INSTALL) -D -m 0755 $(PETITBOOT_PKGDIR)/shell_profile \
+ $(TARGET_DIR)/home/petituser/.profile
mkdir -p $(TARGET_DIR)/etc/udev/rules.d
for port in $(PETITBOOT_GETTY_PORT); do \
@@ -97,4 +99,8 @@ endef
PETITBOOT_POST_INSTALL_TARGET_HOOKS += PETITBOOT_POST_INSTALL
+define PETITBOOT_USERS
+ petituser -1 petitgroup -1 * /home/petituser /bin/sh - petitboot user
+endef
+
$(eval $(autotools-package))
new file mode 100644
@@ -0,0 +1,3 @@
+if [ "$PPID" = "1" ]; then
+ exec /usr/libexec/petitboot/pb-console
+fi
Though the petitboot UI is a user application, it is currently being run by root only because we use getty to display it on the console. Create an unprivileged user to run the UI instead. The unix socket the pb-discover daemon sets up is accessible to "petitgroup", so that should be the gid, with arbitrary uid "petituser" to match. This is currently the chain of processes leading to the UI: 1. /etc/init.d/pb-console start console 2. /usr/libexec/petitboot/pb-console --getty --detach -- -n -i 0 console linux 3. /sbin/getty -l/usr/libexec/petitboot/pb-console -n -i 0 console linux 4. /usr/libexec/petitboot/pb-console 5. /usr/sbin/petitboot-nc Instead of (3) running the pb-console helper directly with "getty -l", we can use "agetty -a" to autologin petituser, and run pb-console via petituser's login shell: 1. /etc/init.d/pb-console start console 2. /usr/libexec/petitboot/pb-console --getty=/sbin/agetty --detach -- -a petituser -n -i console linux 3. /sbin/agetty -a petituser -n -i console linux 4. /home/petituser/.profile 5. /usr/libexec/petitboot/pb-console 6. /usr/sbin/petiboot-nc Here, everything from (4) down is running as petituser. In (4), use $PPID to determine if we're logging in via getty, so that logging in by other means will give a normal shell. Signed-off-by: Reza Arbab <arbab@linux.ibm.com> --- package/petitboot/Config.in | 1 + package/petitboot/S15pb-discover | 4 +++- package/petitboot/pb-console | 6 ++++-- package/petitboot/petitboot.mk | 6 ++++++ package/petitboot/shell_profile | 3 +++ 5 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 package/petitboot/shell_profile