[yocto] setcap using recipe

Burton, Ross ross.burton at intel.com
Fri Jun 24 06:10:22 PDT 2016 

Looks like using setcap directly is broken currently, there are two
workarounds:

1) use a postinst to invoke setcap on the target instead
2) test the patch for pseudo that is on this list ([PATCH] Add capset
pseudo function that always succeeds) and verify that it fixes the problem
for you.

Ross

On 24 June 2016 at 13:31, Kumar, Shrawan <Shrawan.Kumar at harman.com> wrote:

> I am using Yocto 2.0.2
>
>
>
> Thanks and Regards
>
> Shrawan
>
>
>
> *From:* Burton, Ross [mailto:ross.burton at intel.com]
> *Sent:* Friday, June 24, 2016 5:56 PM
>
> *To:* Kumar, Shrawan
> *Cc:* yocto at yoctoproject.org
> *Subject:* Re: [yocto] setcap using recipe
>
>
>
> What version of OE/Yocto are you using?  Old versions of pseudo didn't
> support xattrs at all.
>
>
>
> Ross
>
>
>
> On 24 June 2016 at 13:23, Kumar, Shrawan <Shrawan.Kumar at harman.com> wrote:
>
> Thanks Ross for your quick turn around , I am getting below error
>
>
>
> “Unable le to set CAP_SETFCAP effective capability: Operation not
> permitted.”
>
>
>
> But when I use    # *sudo* setcap cap_net_raw+ep  helloworld        on
> command line I am able to set the cap.
>
>
>
> To achieve the sudo realization  in recipe , I tried  as below , but no
> luck…… Can you suggest something here  ?
>
>
>
> fakeroot do_install() {
>
>                     install -d ${D}${bindir}
>
>                     install -m 0755 helloworld ${D}${bindir}
>
>                     install -d ${D}/lib/systemd/system
>
>                     install -m 0755 hello.service ${D}/lib/systemd/system/
>
>              setcap cap_net_raw+ep  ${D}${bindir}/helloworld
>
>
>
> }
>
>
>
> Thanks and Regards
>
> Shrawan
>
>
>
> *From:* Burton, Ross [mailto:ross.burton at intel.com]
> *Sent:* Friday, June 24, 2016 5:09 PM
> *To:* Kumar, Shrawan
> *Cc:* yocto at yoctoproject.org
> *Subject:* Re: [yocto] setcap using recipe
>
>
>
> Hi,
>
>
>
> On 24 June 2016 at 11:41, Kumar, Shrawan <Shrawan.Kumar at harman.com> wrote:
>
> Is there a way to  add a capability to a binary (cap_net_raw+ep),into a
> recipe?
>
>
>
> Example :
>
> do_install() {
>
>            install -d ${D}${bindir}
>
>            install -m 0755 helloworld ${D}${bindir}
>
>            install -d ${D}/lib/systemd/system
>
>            install -m 0755 hello.service ${D}/lib/systemd/system/
>
>            setcap cap_net_raw+ep  ${D}${bindir}/helloworld
>
> }
>
>
>
> If yes is this correct approach to achieve the same from  package recipe
> itself ?
>
>
> capabilities on files are just extended attributes, so assuming that you
> have a fairly recent Yocto and your host and target filesystems support
> extended attributes, yes this should work.
>
>
>
> Ross
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20160624/7af6356a/attachment.html>

More information about the yocto mailing list