diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r62.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r63.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r62.ebuild
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0-r63.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
index 8596dc24ca..bbea6c902f 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild
@@ -195,99 +195,53 @@ pkg_postinst() { copy_or_add_daemon_user "ntp" 203 copy_or_add_daemon_user "sshd" 204 copy_or_add_daemon_user "polkituser" 206 # For policykit - copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM) +# copy_or_add_daemon_user "tss" 207 # For trousers (TSS/TPM) copy_or_add_daemon_user "pkcs11" 208 # For pkcs11 clients copy_or_add_daemon_user "qdlservice" 209 # for QDLService - copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager) +# copy_or_add_daemon_user "cromo" 210 # For cromo (modem manager) # copy_or_add_daemon_user "cashew" 211 # Deprecated, do not reuse copy_or_add_daemon_user "ipsec" 212 # For strongswan/ipsec VPN - copy_or_add_daemon_user "cros-disks" 213 # For cros-disks +# copy_or_add_daemon_user "cros-disks" 213 # For cros-disks copy_or_add_daemon_user "tor" 214 # For tor (anonymity service) copy_or_add_daemon_user "tcpdump" 215 # For tcpdump --with-user copy_or_add_daemon_user "debugd" 216 # For debugd copy_or_add_daemon_user "openvpn" 217 # For openvpn - copy_or_add_daemon_user "bluetooth" 218 # For bluez - copy_or_add_daemon_user "wpa" 219 # For wpa_supplicant - copy_or_add_daemon_user "cras" 220 # For cras (audio) +# copy_or_add_daemon_user "bluetooth" 218 # For bluez +# copy_or_add_daemon_user "wpa" 219 # For wpa_supplicant +# copy_or_add_daemon_user "cras" 220 # For cras (audio) # copy_or_add_daemon_user "gavd" 221 # For gavd (audio) (deprecated) copy_or_add_daemon_user "input" 222 # For /dev/input/event access - copy_or_add_daemon_user "chaps" 223 # For chaps (pkcs11) +# copy_or_add_daemon_user "chaps" 223 # For chaps (pkcs11) copy_or_add_daemon_user "dhcp" 224 # For dhcpcd (DHCP client) - copy_or_add_daemon_user "tpmd" 225 # For tpmd - copy_or_add_daemon_user "mtp" 226 # For libmtp - copy_or_add_daemon_user "proxystate" 227 # For proxy monitoring - copy_or_add_daemon_user "power" 228 # For powerd - copy_or_add_daemon_user "watchdog" 229 # For daisydog - copy_or_add_daemon_user "devbroker" 230 # For 
permission_broker - copy_or_add_daemon_user "xorg" 231 # For Xorg +# copy_or_add_daemon_user "tpmd" 225 # For tpmd +# copy_or_add_daemon_user "mtp" 226 # For libmtp +# copy_or_add_daemon_user "proxystate" 227 # For proxy monitoring +# copy_or_add_daemon_user "power" 228 # For powerd +# copy_or_add_daemon_user "watchdog" 229 # For daisydog +# copy_or_add_daemon_user "devbroker" 230 # For permission_broker +# copy_or_add_daemon_user "xorg" 231 # For Xorg # Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based # filesystem daemons. - copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess - copy_or_add_daemon_user "avfs" 301 # For avfs process - copy_or_add_daemon_user "fuse-exfat" 302 # For exfat-fuse prcoess - - # Group that are allowed to create directories under /home//root - copy_or_add_group "daemon-store" 400 - - # All audio interfacing will go through the audio server. - add_users_to_group audio "cras" - add_users_to_group input "cras" # For /dev/input/event* access - - # The system user is part of the audio server group to play sounds. The - # power manager user needs to check whether audio is playing. - add_users_to_group cras "${system_user}" power - - # The system_user needs to be part of the audio and video groups. - add_users_to_group audio "${system_user}" - add_users_to_group video "${system_user}" - - # The Xorg user needs to be part of the input and video groups. - add_users_to_group input "xorg" - add_users_to_group video "xorg" +# copy_or_add_daemon_user "ntfs-3g" 300 # For ntfs-3g prcoess +# copy_or_add_daemon_user "avfs" 301 # For avfs process +# copy_or_add_daemon_user "fuse-exfat" 302 # For exfat-fuse prcoess # Users which require access to PKCS #11 cryptographic services must be # in the pkcs11 group. 
remove_all_users_from_group pkcs11 - add_users_to_group pkcs11 root ipsec "${system_user}" chaps wpa + add_users_to_group pkcs11 root ipsec "${system_user}" # All users accessing opencryptoki database files and all users for # sandboxing FUSE-based filesystem daemons need to be in the # ${system_access_user} group. remove_all_users_from_group "${system_access_user}" add_users_to_group "${system_access_user}" root ipsec "${system_user}" \ - ntfs-3g avfs fuse-exfat chaps # Dedicated group for owning access to serial devices. copy_or_add_group "serial" 402 add_users_to_group "serial" "${system_user}" add_users_to_group "serial" "uucp" - # The root user must be in the wpa group for wpa_cli. - add_users_to_group wpa root - - # Restrict tcsd access to root and chaps. - add_users_to_group tss root chaps - - # Add mtp user to usb group for USB device access. - add_users_to_group usb mtp - - # Create a group for device access via permission_broker - copy_or_add_group "devbroker-access" 403 - add_users_to_group devbroker-access "${system_user}" - - # Give the power manager access to I2C devices so it can adjust external - # displays' brightness via DDC. - copy_or_add_group i2c 404 - add_users_to_group i2c power - - # Give the power manager access to /dev/tty* so it can disable VT switching - # before suspending the system. - add_users_to_group tty power - - # The power manager needs to read from /dev/input/event* to observe power - # button and lid events. - add_users_to_group input power - # Some default directories. These are created here rather than at # install because some of them may already exist and have mounts. for x in /dev /home /media \
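Review bot: The `add_users_to_group "${system_access_user}" root ipsec "${system_user}" \` line keeps its trailing backslash although its continuation line (`ntfs-3g avfs fuse-exfat chaps`) was removed, so the command now runs on into whatever line follows; that appears to be a blank or comment line today, which is harmless, but any command later placed there would be swallowed as extra group members. Drop the backslash so the line ends at `"${system_user}"`. The comment above it still says users sandboxing FUSE-based filesystem daemons must be in this group, which no longer matches the member list. The disabled `copy_or_add_daemon_user` lines also keep their old trailing comments; marking them the way the `cashew` entry is (`# Deprecated, do not reuse`) would make it clear that those UIDs stay reserved and must not be handed to a new account. `pkg_postinst` starts before this hunk and continues past it.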