Context Navigation

-                      r03679c8
+                      rd2ecc65
   <title>Changing Ownership</title>
+  <para os="a">Currently, the <filename class="directory">${CLFS}</filename>
+  directory and all of its subdirectories  are owned by the user
+  <systemitem class="username">clfs</systemitem>, a user that exists only
+  on the host system. For security reasons, the ${CLFS} root directory and
+  all of its subdirectories should be owned by
+  <systemitem class="username">root</systemitem>. Change the ownership
+  for ${CLFS} and its subdirectories by running this command:</para>
+  <para os="a">Currently, the <filename class="directory">/tools</filename>
+  and <filename class="directory">/cross-tools</filename> directories
+  are owned by the user <emphasis>clfs</emphasis>, a user that
+  exists only on the host system. Although <filename
+  class="directory">/tools</filename> and <filename
+  class="directory">/cross-tools</filename> can be deleted once the CLFS
+  system has been finished, they can be retained to build
+  additional CLFS systems. If the <filename class="directory">/tools</filename>
+  and <filename class="directory">/cross-tools</filename> directories are
+  kept as is, the files are owned by a user ID without a corresponding
+  account. This is dangerous because a user account created later could
+  get this same user ID and would own these directories and all the files
+  therein, thus exposing those files to possible malicious manipulation.</para>
+<screen os="b"><userinput>chown -Rv &uid-root;:&gid-root; ${CLFS}</userinput></screen>
+  <para os="b">One possible fix for this issue might be to add the
+  <systemitem class="username">clfs</systemitem> user to the new CLFS system
+  later when creating the <filename>/etc/passwd</filename> file, taking care
+  to assign it the same user and group IDs as on the host system. Alternatively,
+  assign the contents of the <filename class="directory">/tools</filename>
+  and <filename class="directory">/cross-tools</filename> directories to
+  user <systemitem class="username">root</systemitem> by running the
+  following commands:</para>
+<screen os="c"><userinput>chown -Rv 0:0 ${CLFS}/tools
+chown -Rv 0:0 ${CLFS}/cross-tools</userinput></screen>
 </sect1>

BOOK/boot/common/createfiles.xml

-                      r03679c8
+                      rd2ecc65
   the next chapter after the software has been installed.</para>
 <screen><userinput>ln -sv /tools/bin/{bash,cat,echo,grep,login,pwd,stty} ${CLFS}/bin
+<screen os="b"><userinput>ln -sv /tools/bin/{bash,cat,echo,grep,login,pwd,stty} ${CLFS}/bin
 ln -sv /tools/bin/file ${CLFS}/usr/bin
 ln -sv /tools/lib/libgcc_s.so{,.1} ${CLFS}/usr/lib
 ln -sv /tools/lib/libstdc++.so{.6,} ${CLFS}/usr/lib
 sed -e 's/tools/usr/' /tools/lib/libstdc++.la > ${CLFS}/usr/lib/libstdc++.la
+sed -e 's/tools/usr/' /tools/lib/libstdc++.la &gt; ${CLFS}/usr/lib/libstdc++.la
 ln -sv bash ${CLFS}/bin/sh
+ln -sv /run ${CLFS}/var/run</userinput></screen>
+ln -sv ../run ${CLFS}/var/run
+ln -sv /tools/sbin/{fsck.ext2,fsck.ext3,fsck.ext4,e2fsck} ${CLFS}/sbin
+ln -sv /tools/sbin/init ${CLFS}/sbin
+ln -sv /tools/etc/{login.{access,defs},limits} ${CLFS}/etc</userinput></screen>
   <para os="c">Historically, Linux maintains a list of the mounted file systems

BOOK/boot/common/creatingdirs.xml

-                      r03679c8
+                      rd2ecc65
   <title>Creating Directories</title>
+  <para os="a">It is time to create some structure in the CLFS file system. Create a
+    <note os="a">
+      <para>The commands in the remainder of the book should be run as
+      the <systemitem class="username">root</systemitem> user. Check
+      that ${CLFS} is set in the
+      <systemitem class="username">root</systemitem> user&rsquo;s environment
+       before proceeding.</para>
+    </note>
+  <para os="b">It is time to create some structure in the CLFS file system. Create a
   standard directory tree by issuing the following commands:</para>
 <screen os="b"><userinput>mkdir -pv ${CLFS}/{bin,boot,dev,{etc/,}opt,home,lib,mnt}
+<screen os="c"><userinput>mkdir -pv ${CLFS}/{bin,boot,dev,{etc/,}opt,home,lib/firmware,mnt}
 mkdir -pv ${CLFS}/{proc,media/{floppy,cdrom},run/{,shm},sbin,srv,sys}
 mkdir -pv ${CLFS}/var/{lock,log,mail,spool}
 …
 mkdir -pv ${CLFS}/usr/{,local/}share/man/man{1,2,3,4,5,6,7,8}</userinput></screen>
   <para os="c">Directories are, by default, created with permission mode 755,
+  <para os="d">Directories are, by default, created with permission mode 755,
   but this is not desirable for all directories. In the commands above,
   two changes are made&mdash;one to the home directory of user
 …
   directories for temporary files.</para>
   <para os="d">The first mode change ensures that not just anybody can enter
+  <para os="e">The first mode change ensures that not just anybody can enter
   the <filename class="directory">/root</filename> directory&mdash;the
   same as a normal user would do with his or her home directory. The
 …
 bit mask.</para>
   <sect2 os="e">
+  <sect2 os="f">
     <title>FHS Compliance Note</title>

BOOK/boot/common/devices.xml

-                      r03679c8
+                      rd2ecc65
     <title>Creating Initial Device Nodes</title>
-    <note os="a">
-      <para>The commands in the remainder of the book should be run as
-      the <systemitem class="username">root</systemitem> user. Check
-      that ${CLFS} is set in the
-      <systemitem class="username">root</systemitem> user&rsquo;s environment
-       before proceeding.</para>
-    </note>
     <para os="b">When the kernel boots the system, it requires the presence
     of a few device nodes, in particular the <filename

BOOK/boot/common/e2fsprogs.xml

-                      r03679c8
+                      rd2ecc65
     xpointer="xpointer(//*[@os='l'])"/>
-    <para os="ad">Create needed symlinks for a bootable system:</para>
-<screen os="ae"><userinput>ln -sv /tools/sbin/{fsck.ext2,fsck.ext3,fsck.ext4,e2fsck} ${CLFS}/sbin</userinput></screen>
   </sect2>

BOOK/boot/common/eudev.xml

-                      r03679c8
+                      rd2ecc65
     loaded by <command>udev</command>:</para>
 <screen os="k"><userinput>install -dv ${CLFS}/lib/firmware</userinput></screen>
+<screen os="k"><userinput>install -dv /tools/lib/firmware</userinput></screen>
     <para os="r1">Create a dummy rule so that Eudev will name ethernet devices properly for the system.</para>
 …
         v4l_id, write_cd_rules, write_net_rules</seg>
         <seg>libudev</seg>
         <seg>/etc/udev, /lib/firmware, /lib/udev, /usr/share/doc/udev</seg>
+        <seg>/tools/etc/udev, /tools/lib/firmware, /tools/lib/udev</seg>
       </seglistitem>
     </segmentedlist>

BOOK/boot/common/introduction.xml

-                      r03679c8
+                      rd2ecc65
   build the final system packages.</para>
-  <para>There are a few additional packages that will need to be
-  installed to allow you to boot the minimal system. They will be installed
-  into <filename class="directory">/tools</filename>, but a few additional
-  files and symlinks will be needed on the CLFS partition to be able to boot
-  and log in. This will require the
-  <systemitem class="username">clfs</systemitem> user to have write access to
-  the rest of the CLFS partition, so you will need to temporarily change the
-  ownership of ${CLFS} to the <systemitem class="username">clfs</systemitem> user.
-  Run the following command as <systemitem
-  class="username">root</systemitem>:</para>
-<screen><userinput>chown -v clfs ${CLFS}</userinput></screen>
 </sect1>

BOOK/boot/common/kmod.xml

-                      r03679c8
+                      rd2ecc65
   <sect2 role="installation">
     <title>Installation of Kmod</title>
+    <para os="s1">Tell Kmod to use <filename class="directory">/tools/lib/modules</filename>:</para>
+<screen os="s2"><userinput>cp -v libkmod/libkmod.c{,.orig}
+sed '/dirname_default_prefix /s@/lib/modules@/tools&amp;@' \
+    libkmod/libkmod.c.orig &gt; libkmod/libkmod.c</userinput></screen>
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
 …
     xpointer="xpointer(//*[@os='i'])"/>
+<screen os="j"><userinput>ln -sv /tools/bin/kmod ${CLFS}/bin
+ln -sv kmod ${CLFS}/bin/lsmod
+ln -sv ../bin/kmod ${CLFS}/sbin/depmod
+ln -sv ../bin/kmod ${CLFS}/sbin/insmod
+ln -sv ../bin/kmod ${CLFS}/sbin/modprobe
+ln -sv ../bin/kmod ${CLFS}/sbin/modinfo
+ln -sv ../bin/kmod ${CLFS}/sbin/rmmod</userinput></screen>
+<screen os="j"><userinput>ln -sfv kmod /tools/bin/lsmod
+for tool in depmod insmod modprobe modinfo rmmod; do
+    ln -sv ../bin/kmod /tools/sbin/${tool}
+done</userinput></screen>
   </sect2>

BOOK/boot/common/shadow.xml

-                      r03679c8
+                      rd2ecc65
 sed '/PASSWD_PROGRAM/s@/bin/passwd@/tools&amp;@' config.h.orig &gt; config.h</userinput></screen>
     <para os="h">Compile the package:</para>
+    <para os="h">Prevent Shadow from setting installed programs suid:</para>
+<screen os="i"><userinput>make</userinput></screen>
+<screen os="i"><userinput>cp -v src/Makefile{,.orig}
+sed 's/\(^suidu*bins = \).*/\1/' src/Makefile.orig &gt; src/Makefile</userinput></screen>
     <para os="j">Install the package:</para>
+    <para os="j">Compile the package:</para>
 <screen os="k"><userinput>make install</userinput></screen>
+<screen os="k"><userinput>make</userinput></screen>
     <para os="l">Create needed symlinks to be able to log on:</para>
+    <para os="l">Install the package:</para>
 <screen os="m"><userinput>ln -sv /tools/etc/{login.{access,defs},limits} ${CLFS}/etc</userinput></screen>
+<screen os="m"><userinput>make install</userinput></screen>
   </sect2>

BOOK/boot/common/sysvinit.xml

-                      r03679c8
+                      rd2ecc65
    <para os="e">Install the package:</para>
+<screen os="ad"><userinput>make -C src ROOT=/tools install
+ln -svf /tools/sbin/init ${CLFS}/sbin</userinput></screen>
+<screen os="ad"><userinput>make -C src ROOT=/tools install</userinput></screen>
   </sect2>

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset d2ecc65 for BOOK/boot/common

Legend:

Download in other formats: