[yocto] Set linux capabilities on binary on a recipe in meta-oe layer

Markus W markus4dev at gmail.com
Mon Nov 12 05:09:10 PST 2018


Thanks Uwe!

I tried the global approach by adding the following to my local.conf file:

ROOTFS_POSTPROCESS_COMMAND += "my_setcap_function"

my_setcap_function() {
    setcap cap_net_raw+eip ${IMAGE_ROOTFS}/usr/bin/node
}

But got the following warning:
WARNING: core-image-full-cmdline-1.0-r0 do_rootfs: Function
my_setcap_function doesn't exist

I have tried to add the function into a recipe but this doesn't work
either. Where should the function be defined?

Regards,
Markus


On Fri, 9 Nov 2018 at 15:35, Uwe Geuder <jrswdnan22 at snkmail.com> wrote:

> Hi!
>
>
> On Fri, Nov 9, 2018 at 12:16 PM Markus W markus4dev-at-gmail.com wrote:
>
> > On Thu, 8 Nov 2018 at 22:53, Piotr Tworek <tworaz666 at gmail.com> wrote:
> ...
> >> pkg_postinst_ontarget_${PN} () {
> >>    setcap cap_net_raw+eip $D${bindir}/node
> >> }
> ...
> > How can this be achieved when the rootfs is created and not on first
> > boot? I would like not to ship libcap binaries with the target in
> > production.
>
> Ideally I would do it "locally" in do_install of the node recipe (you can
> append extra statements to the task in your own .bbappend in your own
> layer, don't edit existing recipes)
>
> That of course requires that the package manager preserves the
> capabilities. I have no experience which package manager would do
> or not do that.
>
> "Globally" you can do it by appending a new function to
> ROOTFS_POSTPROCESS_COMMAND
>
> https://www.yoctoproject.org/docs/2.5.1/mega-manual/mega-manual.html#var-ROOTFS_POSTPROCESS_COMMAND
>
> This is done in your image recipe.
>
> Regards,
>
> Uwe Geuder
> Neuro Event Labs Oy
> Tampere, Finland
> uwe.gexder at neuroeventlabs.com (Bot check: fix one obvious typo)
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
>
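
An added example, not part of the original thread or of any Yocto layer: BitBake parses shell function definitions from recipe and class files, not from .conf files such as local.conf, so the hook has to be defined where do_rootfs can see it, for instance in the image recipe Uwe mentions. The .bbappend file name, the libcap-native dependency and the getcap check are assumptions; the function name and the setcap line are taken from the message above.

```bitbake
# core-image-full-cmdline.bbappend
# (hypothetical file name, placed in your own layer)

# Assumption: the build-host setcap/getcap tools come from libcap-native,
# so no libcap binaries have to be installed into the target image.
DEPENDS += "libcap-native"

# Defined in a recipe file, this function exists when do_rootfs runs.
# The same text in local.conf is not parsed as a function, which is
# consistent with the "doesn't exist" warning quoted above.
my_setcap_function() {
    setcap cap_net_raw+eip ${IMAGE_ROOTFS}/usr/bin/node

    # Assumed safeguard: stop the build if the capability is missing.
    # This inspects the staged rootfs directory, not the final image file,
    # so the chosen image type must still preserve extended attributes.
    if ! getcap ${IMAGE_ROOTFS}/usr/bin/node | grep -q cap_net_raw; then
        bbfatal "cap_net_raw is not set on /usr/bin/node in the rootfs"
    fi
}

# Commands in this variable are separated by ';' in the 2.5.x release
# that the manual link above refers to.
ROOTFS_POSTPROCESS_COMMAND += "my_setcap_function; "
```

File capabilities are stored in the security.capability extended attribute, so it is worth confirming on the booted target that the attribute survived image creation.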