Discussion:
Path to aufhsmd and aufhsm-list
Guan Xin
2016-10-03 05:06:50 UTC
Permalink
Hello,

The destination directories to the library can be set on the make
command line according the master Makefile of aufs-util.
However, the Makefile in the fhsm subdirectory has hard coded
install_ulib to install to /usr/lib.
Did I miss something (e.g., another dedicated command line parameter),
or is there a reason for not allowing installation to other
directories such as /usr/libexec, etc.?

Regards,
Guan
s***@users.sourceforge.net
2016-10-03 14:47:08 UTC
Permalink
Hello Guan,
Post by Guan Xin
However, the Makefile in the fhsm subdirectory has hard coded
install_ulib to install to /usr/lib.
Did I miss something (e.g., another dedicated command line parameter),
or is there a reason for not allowing installation to other
directories such as /usr/libexec, etc.?
The reason is that those commands are invoked from another command via
execve().
As you might know, specifying the full path is one approach to make it
secure. If you want to install them other than /usr/lib, you need to
change these lines too.

./fhsm/Makefile:38:override CPPFLAGS += -DAUFHSM_LIST_CMD=\"/usr/lib/aufhsm-list\"
./fhsm/Makefile:39:override CPPFLAGS += -DAUFHSMD_CMD=\"/usr/lib/aufhsmd\"


J. R. Okajima
Guan Xin
2016-10-03 17:59:41 UTC
Permalink
Post by s***@users.sourceforge.net
Hello Guan,
The reason is that those commands are invoked from another command via
execve().
As you might know, specifying the full path is one approach to make it
secure. If you want to install them other than /usr/lib, you need to
change these lines too.
./fhsm/Makefile:38:override CPPFLAGS += -DAUFHSM_LIST_CMD=\"/usr/lib/aufhsm-list\"
./fhsm/Makefile:39:override CPPFLAGS += -DAUFHSMD_CMD=\"/usr/lib/aufhsmd\"
J. R. Okajima
Thanks for the clarification!

Looking closer at FHS, I see /usr/lib gives better compatibility than
/usr/libexec, and quite a few software (such as rpm, udisks2, etc.) do
use /usr/lib to store internal programs. So it's fine to have the path
hard coded into the Makefile.

Best regards,
Guan

Loading...