Setuid Programs

The romfs filesystem used in the singularity lacks some permission bits, including the setuid bit. LNX-BBC works around this by encoding the information into the directory structure as the contents of the singularity file are built. Binaries which would ordinarily have the setuid bit set are moved from their installed path to one prefixed with "/setuid". A symlink is created in its place which is directed to a path that will exist at runtime. Part of the boot process involves copying a wrapper script into a filesystem that supports the setuid bit and establishing symlinks so that the ones created at build time lead to the wrapper script, which gains root permissions from its own setuid bit and then executes the appropriate binary in /setuid.

To install binaries into this system, set the SETUID_PROGRAMS varible in the GAR Makefile. The value should be a list of the absolute paths of your setuid binaries as they would normally appear at runtime.

[LNX-BBC]

LNX-BBC

Development

Resources

BBC Tools and Information

  1. Singularity, El-Torito, and the LNX-BBC's Compression
  2. User Accounts on the BBC
  3. Minit
  4. Setuid Programs

Other Formats