[yocto] setcap using recipe

[Kumar, Shrawan]

Thanks Ross for your quick turn around , I am getting below error

“Unable le to set CAP_SETFCAP effective capability: Operation not permitted.”

But when I use    # sudo setcap cap_net_raw+ep  helloworld        on command line I am able to set the cap.

To achieve the sudo realization  in recipe , I tried  as below , but no luck…… Can you suggest something here  ?

fakeroot do_install() {
                    install -d ${D}${bindir}
                    install -m 0755 helloworld ${D}${bindir}
                    install -d ${D}/lib/systemd/system
                    install -m 0755 hello.service ${D}/lib/systemd/system/
             setcap cap_net_raw+ep  ${D}${bindir}/helloworld

}

Thanks and Regards
Shrawan

From: Burton, Ross [mailto:ross.burton at intel.com]
Sent: Friday, June 24, 2016 5:09 PM
To: Kumar, Shrawan
Cc: yocto at yoctoproject.org
Subject: Re: [yocto] setcap using recipe

Hi,

On 24 June 2016 at 11:41, Kumar, Shrawan <Shrawan.Kumar at harman.com<mailto:Shrawan.Kumar at harman.com>> wrote:

Is there a way to  add a capability to a binary (cap_net_raw+ep),into a recipe?


Example :

do_install() {

           install -d ${D}${bindir}

           install -m 0755 helloworld ${D}${bindir}

           install -d ${D}/lib/systemd/system

           install -m 0755 hello.service ${D}/lib/systemd/system/

           setcap cap_net_raw+ep  ${D}${bindir}/helloworld

}



If yes is this correct approach to achieve the same from  package recipe itself ?

capabilities on files are just extended attributes, so assuming that you have a fairly recent Yocto and your host and target filesystems support extended attributes, yes this should work.

Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160624/f455fae9/attachment.html>