[yocto] setcap using postinst
Ibtsam Ul-Haq
ibtsam.haq.0x01 at gmail.com
Thu May 24 07:50:26 PDT 2018
Hi all,
I need help to set capabilities for certain binaries at build time.
I have followed this discussion from 2016:
https://lists.yoctoproject.org/pipermail/yocto/2016-July/030942.html
I am currently using Yocto Krogoth (not allowed to upgrade that for now),
but I have updated pseudo to 1.9.0.
In my image file I have added:
IMAGE_DEPENDS_tar_append = " tar-replacement-native"
EXTRANATIVEPATH += "tar-native"
IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
In my recipe file I have added postinst script:
pkg_postinst_${PN} () {
setcap cap_sys_time,cap_ipc_owner+ep "$D/${bindir}/mybin"
}
My target device uses an sdcard image, which is created using dd from
the rootfs.ext4 image.
Apparently the postinst script approach is not working for me, I do
not get the capabilities on mybin in a running system. I need the
postinst script to work at rootfs creation time as I do not plan to
keep setcap in the final image, and also want to switch to a read-only
rootfs soon.
I would appreciate if someone could help me to make this work.
Best regards,
Ibtsam Haq
More information about the yocto
mailing list