[yocto] Set linux capabilities on binary on a recipe in meta-oe layer

Markus W markus4dev at gmail.com
Thu Nov 8 00:56:23 PST 2018 

I have tested to set capabilities on the node binary within a custom recipe
(custom layer) but that failed.

pkg_postinst_${PN} () {
    setcap cap_net_raw+eip $D${bindir}/node
}
PACKAGE_WRITE_DEPS = "libcap-native"
RDEPENDS_${PN} = "libcap"

The error message:

ERROR: core-image-full-cmdline-1.0-r0 do_rootfs: [log_check]
core-image-full-cmdline: found 1 error message in the logfile:
[log_check] Failed to set capabilities on file
`/home/ubuntu/yocto-sumo/build/tmp/work/raspberrypi3-poky-linux-gnueabi/core-image-full-cmdline/1.0-r0/rootfs/usr/bin/node'
(No such file or directory)

When I check the node binary is there in the rootfs directory. It seems
that when the the pkg_postinst function is executed the node binary is not
there.

What am I missing? Any answer is much appreciated!

Regards,
Markus

On Wed, 7 Nov 2018 at 11:32, Markus W <markus4dev at gmail.com> wrote:

> Hi!
>
> Background:
> In my raspberry project I am developing a nodejs app that needs access to
> bluetooth/ble device. I want to run the node application as non root user
> for security reasons. In order to get access from within the app, the node
> binary need to have the following capability cap_net_raw+eip set. I am
> using the nodejs recipe from meta-oe and added it in my local.conf:
>
> IMAGE_INSTALL_append = " nodejs i2c-tools bluez5 kernel-image
> kernel-devicetree"
>
> Question:
> Where should I apply the following command? setcap cap_net_raw+eip
> /usr/bin/node
>
> What are my options? Can I create a recipe in a different package that
> will apply the above command on the meta-oe package for the nodejs recipe?
>
> I have been following this thread (
> https://lists.yoctoproject.org/pipermail/yocto/2016-June/030811.html),
> but the node binaries and my node-app are in different layers and packages.
>
> Any advice how to do this is much appreciated?
>
> Regards,
> Markus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20181108/e1a30cc3/attachment.html>

More information about the yocto mailing list