petitboot: Enable user separation

Turn on support for unprivileged user accounts in the Petitboot
environment, including setting up a basic non-root user and group.

The implementation also requires using the agetty package rather than
the busybox getty utility, calling the initial pb-console helper on
login rather than directly, and moving some shell init logic from
Petitboot and into a .shrc script.

If no root password is configured in NVRAM or at runtime then this has
no effect aside from some nicer shell behaviour. Once a password is
configured then most actions in Petitboot will require this password and
the shell runs as a normal user.

Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

diff --git a/openpower/package/petitboot/S15pb-discover b/openpower/package/petitboot/S15pb-discover
index 8f9638c..9d9ec57 100755
--- a/openpower/package/petitboot/S15pb-discover
+++ b/openpower/package/petitboot/S15pb-discover
@@ -15,7 +15,12 @@
case "$1" in
start)
ulimit -c unlimited
- mkdir -p $(dirname $LOGFILE)
+ mkdir -p -m 0775 $(dirname $LOGFILE)
+ mkdir -p -m 0775 /var/petitboot
+ # Set permissions for normal users
+ chown -R root:petitgroup $(dirname $LOGFILE)
+ chown -R root:petitgroup /var/petitboot
+
export $(cat /etc/locale)
pb-discover -l $LOGFILE $verbose &
echo $! > $PIDFILE
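
Review bot: The `-m 0775` on the two `mkdir -p` lines only takes effect when mkdir actually creates the directory: if `$(dirname $LOGFILE)` or `/var/petitboot` already exists, its mode is left as it was, and any parent that `-p` has to create gets a umask-derived mode rather than 0775. If the group-writable mode is what the unprivileged user depends on, follow each mkdir with an explicit `chmod 0775` on the directory. Two smaller points in the same block: `chown -R` runs as root on every start over a tree that members of petitgroup can now write to, so a non-recursive `chown root:petitgroup` on just the two directories is the tighter choice unless existing contents really need regrouping; and `$(dirname $LOGFILE)` is unquoted on both added lines that use it, where `"$(dirname "$LOGFILE")"` would be safer.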