mirrors/meta-arm
1
0
Fork 0
mirror of https://git.yoctoproject.org/meta-arm synced 2026-01-11 15:00:39 +00:00
Code Issues Projects Releases Wiki Activity

optee-client: drop privileges of tee-supplicant

Browse Source 
Stop the tee-supplicant being run with root privileges when the system
is not using systemd.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This commit is contained in:
Gyorgy Szing
2025-04-02 16:16:50 +02:00
committed by Jon Mason
parent 91cacb6332
commit 516eb0672f
2 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta-arm/recipes-security/optee/optee-client.inc
View File

@@ -32,6 +32,8 @@ do_install:append() {
install -D -p -m0755 ${UNPACKDIR}/tee-supplicant.sh ${D}${sysconfdir}/init.d/tee-supplicant
sed -i -e s:@sysconfdir@:${sysconfdir}:g \
-e s:@sbindir@:${sbindir}:g \
-e s:@supluser@:teesuppl:g \
-e s:@suplgroup@:teesuppl:g \
${D}${sysconfdir}/init.d/tee-supplicant
fi
install -o teesuppl -g teesuppl -m 0700 -d ${D}${localstatedir}/lib/tee

2
meta-arm/recipes-security/optee/optee-client/tee-supplicant.sh
View File

@@ -14,7 +14,7 @@ test -f $DAEMON || exit 0
test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
SSD_OPTIONS="-c @supluser@:@suplgroup@ --oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
set -e