From: Maciej Borzecki <maciej.borzecki@open-rnd.pl>
Date: Wed, 10 Feb 2016 12:32:55 +0000 (+0100)
Subject: systemd: tighten timesyncd and journal-gateway user accounts
X-Git-Tag: 2016-4~993
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=a415253fa234212e82cf4ad230faf5f6af005403;p=openembedded-core.git

systemd: tighten timesyncd and journal-gateway user accounts

Make sure that systemd-timesync and systemd-journal-gateway are created
without dedicated home directories, home set to / and /bin/nologin as
shell. This makes us in sync with what systemd-sysusers sets when
adding users during startup.

Signed-off-by: Maciej Borzecki <maciej.borzecki@open-rnd.pl>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/systemd/systemd_228.bb b/meta/recipes-core/systemd/systemd_228.bb
index ab88c554db..fe2cfb529f 100644
--- a/meta/recipes-core/systemd/systemd_228.bb
+++ b/meta/recipes-core/systemd/systemd_228.bb
@@ -304,8 +304,8 @@ SYSTEMD_PACKAGES = "${PN}-binfmt"
 SYSTEMD_SERVICE_${PN}-binfmt = "systemd-binfmt.service"
 
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '--system systemd-journal-gateway;', '', d)}"
-USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system systemd-timesync;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '--system -d / -M --shell /bin/nologin systemd-journal-gateway;', '', d)}"
+USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'timesyncd', '--system -d / -M --shell /bin/nologin systemd-timesync;', '', d)}"
 GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
 
 FILES_${PN}-analyze = "${bindir}/systemd-analyze"