[yocto] setcap using recipe
Kumar, Shrawan
Shrawan.Kumar at harman.com
Fri Jun 24 05:23:02 PDT 2016
Thanks Ross for your quick turn around , I am getting below error
“Unable le to set CAP_SETFCAP effective capability: Operation not permitted.”
But when I use # sudo setcap cap_net_raw+ep helloworld on command line I am able to set the cap.
To achieve the sudo realization in recipe , I tried as below , but no luck…… Can you suggest something here ?
fakeroot do_install() {
install -d ${D}${bindir}
install -m 0755 helloworld ${D}${bindir}
install -d ${D}/lib/systemd/system
install -m 0755 hello.service ${D}/lib/systemd/system/
setcap cap_net_raw+ep ${D}${bindir}/helloworld
}
Thanks and Regards
Shrawan
From: Burton, Ross [mailto:ross.burton at intel.com]
Sent: Friday, June 24, 2016 5:09 PM
To: Kumar, Shrawan
Cc: yocto at yoctoproject.org
Subject: Re: [yocto] setcap using recipe
Hi,
On 24 June 2016 at 11:41, Kumar, Shrawan <Shrawan.Kumar at harman.com<mailto:Shrawan.Kumar at harman.com>> wrote:
Is there a way to add a capability to a binary (cap_net_raw+ep),into a recipe?
Example :
do_install() {
install -d ${D}${bindir}
install -m 0755 helloworld ${D}${bindir}
install -d ${D}/lib/systemd/system
install -m 0755 hello.service ${D}/lib/systemd/system/
setcap cap_net_raw+ep ${D}${bindir}/helloworld
}
If yes is this correct approach to achieve the same from package recipe itself ?
capabilities on files are just extended attributes, so assuming that you have a fairly recent Yocto and your host and target filesystems support extended attributes, yes this should work.
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160624/f455fae9/attachment.html>
More information about the yocto
mailing list