[yocto] Set linux capabilities on binary on a recipe in meta-oe layer

Mike Looijmans mike.looijmans at topic.nl
Mon Nov 12 05:47:06 PST 2018 

Sometimes the problem is that parts of the underscored function name are seen 
as overrides, so you should try using "mysetcapfunction" instead as a name.

Also, there's a semicolon missing:
ROOTFS_POSTPROCESS_COMMAND += "my_setcap_function;"


On 12-11-18 14:09, Markus W wrote:
> Thanks Uwe!
> 
> I tried the global approach by adding the following to my local.conf file:
> 
> ROOTFS_POSTPROCESS_COMMAND += "my_setcap_function"
> 
> my_setcap_function() {
>      setcap cap_net_raw+eip ${IMAGE_ROOTFS}/usr/bin/node
> }
> 
> But got the following warning:
> WARNING: core-image-full-cmdline-1.0-r0 do_rootfs: Function my_setcap_function 
> doesn't exist
> 
> I have tried to add the function into a recipe but this doesn't work either. 
> Where should the function be defined?
> 
> Regards,
> Markus
> 
> 
> On Fri, 9 Nov 2018 at 15:35, Uwe Geuder <jrswdnan22 at snkmail.com 
> <mailto:jrswdnan22 at snkmail.com>> wrote:
> 
>     Hi!
> 
> 
>     On Fri, Nov 9, 2018 at 12:16 PM Markus W markus4dev-at-gmail.com
>     <http://markus4dev-at-gmail.com> wrote:
> 
>      > On Thu, 8 Nov 2018 at 22:53, Piotr Tworek <tworaz666 at gmail.com
>     <mailto:tworaz666 at gmail.com>> wrote:
>     ...
>      >> pkg_postinst_ontarget_${PN} () {
>      >>    setcap cap_net_raw+eip $D${bindir}/node
>      >> }
>     ...
>      > How can this be achieved when the rootfs is created and not on first
>      > boot? I would like not to ship libcap binaries with the target in
>      > production.
> 
>     Ideally I would do it "locally" in do_install of the node recipe (you can
>     append extra statements to the task in your own .bbappend in your own
>     layer, don't edit existing recipes)
> 
>     That of course requires that the package manager preserves the
>     capabilites. I have no experience which package manager would do
>     or not do that.
> 
>     "Globally" you can do it by appending a new function to
>     ROOTFS_POSTPROCESS_COMMAND
> 
>     https://www.yoctoproject.org/docs/2.5.1/mega-manual/mega-manual.html#var-
>     ROOTFS_POSTPROCESS_COMMAND
> 
>     This is done in your image recipe.
> 
>     Regards,
> 
>     Uwe Geuder
>     Neuro Event Labs Oy
>     Tampere, Finland
>     uwe.gexder at neuroeventlabs.com <mailto:uwe.gexder at neuroeventlabs.com> (Bot
>     check: fix one obvious typo)
>     -- 
>     _______________________________________________
>     yocto mailing list
>     yocto at yoctoproject.org <mailto:yocto at yoctoproject.org>
>     https://lists.yoctoproject.org/listinfo/yocto
> 
>

More information about the yocto mailing list