Use Linux setcap command to set capabilities during Yocto build -


i'm using yocto 1.8 build linux system.

i need use command "setcap" set files capabilities during build, introduced via libcap package recipe: http://cgit.openembedded.org/openembedded-core/tree/meta/recipes-support/libcap/libcap_2.25.bb?h=master

the problem recipe provides libcap package, library, , subpackage called libcap-bin contains binaries need use. couldn't build or use libcap-bin-native package inside recipe dependancy (using depends variable). everytime call "setcap" binary, yocto uses host binaries (ubuntu 14.04 64-bit) not build system ones (as it's not there).

i need know how include native binaries built libcap-bin package in native sysroot buildsystem used during recipe execution.

example recipe use setcap command:

description = "apply  caps on files" section = "bin" license = "closed"  do_install() {     install -d ${d}${bindir}     touch ${d}${bindir}/testacl }  depends = "libcap libcap-native"  #new task added each recipe apply attributes inside ipks fakeroot do_setcaps() {     setcap 'cap_sys_admin,cap_sys_rawio+ep' ${workdir}/packages-split/${pn}${bindir}/testacl }  #adding new task  before do_package_write_ipk task addtask setcaps before do_package_write_ipk after do_packagedata

this recipe working fine, except uses setcap command host system (ubuntu 14.04 64-bit) located "/sbin/setcap"

the dependency package libcap-native includes library files inside native sysroot, not binaries.

if used inside recipe:

depends = "libcap-bin"

i got error:

error: nothing provides 'libcap-bin'

i saw thread talking same topic: linux capabilities yocto

but uses yocto > 2.3 , i'm using yocto 1.8 , , can't update right now.

any help?

ps: updated yocto build system preserve acls , extended attributes during ipk creation, , it's working , being preserved inside ipk, inside rootfs, , on target after flashing.

i found solution. had add libcap recipe

packageconfig_class-native = "attr"

as generated binaries (setcap & getcap) depending on libattr, , has configured manually.

i found it's configured target package

packageconfig ??= "attr ${@bb.utils.contains('distro_features', 'pam', 'pam', '', d)}"

sorry disturbing.


-

Comments

  1. xeniterFebruary 14, 2020 at 2:29 AM

    hi, i add to use depends = "libcap-native"

    be aware that after the yocto build you don't get any capabilites with getcap from the files.

    yocto uses pseudo lib to intercept chown, chmod calls, track them in a sqlite db [1] (uses LD_PRELOAD for interception)

    so this attributes are not set for the files in the "rootfs" folder, however added at image/rootfs creation.

    [1] https://superuser.com/questions/914334/changing-ownership-not-permitted

    ReplyDelete

Post a Comment

Popular posts from this blog

cookies - Yii2 Advanced - Share session between frontend and mainsite (duplicate of frontend for www) -

i have custom members system have made: yii2 members system . can refer full details, or install can work question. i have frontend , backend yii2 provides, few modifications separate sessions/cookies backend works admin model , pulls admin table. similar old traditional member systems. mainsite clone of frontend , it's role main website. when go www.site.com or site.com . here 3 apps , example domains: mainsite = www.site.com or site.com frontend = users.site.com backend = admin.site.com when user logs in ( users.site.com/site/login ) , go homepage ( mainsite @ www.site.com ) want know logged in , show username. how frontend operates default advanced app. from have far, login , head mainsite , reads an internal server error occurred. . doesn't yii error, server error? when in yii logs under runtime, mentions access control: 2017-04-14 13:38:25 [127.0.0.1][1][-][error][yii\web\httpexception:403] exception 'yii\web\forbiddenhttpexception'...
Read more

angular - password and confirm password field validation angular2 reactive forms -

i need check whether password , confirm password fields have same value using reactive form angular2. did see lot of answers on same here, angular 2 form validating repeat password , comparing fields in validator angular2 , none seemed work me.can please help."this" undefined in validate function :( . sharing code, this.addedituserform = this.builder.group({ firstname: ['', validators.required], lastname: ['', validators.required], title: ['', validators.required], email: ['', validators.required], password: ['', validators.required], confirmpass: ['', [validators.required, this.validatepasswordconfirmation]] }); validatepasswordconfirmation(group: formgroup): any{ let valid = true; // if (this.addedituserform.controls.password != this.addedituserform.controls.confirmpass) { // valid = false; // this.add...
Read more

javascript - Angular2 intelliJ config error.. Cannot find module '@angular/core' -

Image
i new angular2. following tutorial angular2 example . first simple tutorial called guess-the-number i used code described in github provided example https://github.com/chandermani/angular2byexample/tree/master/guessthenumber . it loads fine in browser. intellij setup i'm having issues. intellij returning following error.. seen in screenshot. cannot find module '@angular/core' my properties file follows systemjs.config.js system.config({ map : { 'app': 'app', 'rxjs': 'https://unpkg.com/rxjs@5.0.0-beta.12', '@angular/common': 'https://unpkg.com/@angular/common@2.0.0', '@angular/compiler': 'https://unpkg.com/@angular/compiler@2.0.0', '@angular/core': 'https://unpkg.com/@angular/core@2.0.0', '@angular/platform-browser': 'https://unpkg.com/@angular/platform-browser@2.0.0', '@angular/platform-browser-dynamic': 'https://unpkg.c...
Read more