rpcbind: add rpc user and run rpcbind daemon with rpc user

For security policy, change to run rpcbind daemon with rpc user
just like Redhat does, so set the --with-rpcuser to rpc and add rpc user.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

diff --git a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
index d9eb1a2527fcd1c3eb4bfdeb2f142f275774c62e..23219e01bd9408821520ea1b9f97efb6d018068f 100644 (file)
--- a/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
+++ b/meta/recipes-extended/rpcbind/rpcbind_0.2.1.bb
@@ -37,7 +37,13 @@ INITSCRIPT_PARAMS = "start 12 2 3 4 5 . stop 60 0 1 6 ."
 SYSTEMD_SERVICE_${PN} = "rpcbind.service"
 SYSTEMD_AUTO_ENABLE = "disable"
 
-EXTRA_OECONF += " --enable-warmstarts "
+inherit useradd
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --no-create-home \
+                       --shell /bin/false --user-group rpc"
+
+EXTRA_OECONF += " --enable-warmstarts --with-rpcuser=rpc"
 
 do_install_append () {
        mv ${D}${bindir} ${D}${sbindir}