Re: [yocto] Set linux capabilities on binary on a recipe in meta-oe layer

2018-11-08 Thread Piotr Tworek
Hi Markus,

Have you tried doing it in the postinst step executed on your target? Try:

pkg_postinst_ontarget_${PN} () {
setcap cap_net_raw+eip $D${bindir}/node
}

RDEPENDS_${PN} += "libcap-bin"

/ptw

> I have tested to set capabilities on the node binary within a custom recipe
> (custom layer) but that failed.
> 
> pkg_postinst_${PN} () {
> setcap cap_net_raw+eip $D${bindir}/node
> }
> PACKAGE_WRITE_DEPS = "libcap-native"
> RDEPENDS_${PN} = "libcap"
> 
> The error message:
> 
> ERROR: core-image-full-cmdline-1.0-r0 do_rootfs: [log_check]
> core-image-full-cmdline: found 1 error message in the logfile:
> [log_check] Failed to set capabilities on file
> `/home/ubuntu/yocto-sumo/build/tmp/work/raspberrypi3-poky-linux-gnueabi/core
> -image-full-cmdline/1.0-r0/rootfs/usr/bin/node' (No such file or directory)
> 
> When I check the node binary is there in the rootfs directory. It seems
> that when the pkg_postinst function is executed the node binary is not
> there.
> 
> What am I missing? Any answer is much appreciated!
> 
> Regards,
> Markus
> 
> On Wed, 7 Nov 2018 at 11:32, Markus W wrote:
> > Hi!
> > 
> > Background:
> > In my raspberry project I am developing a nodejs app that needs access to
> > bluetooth/ble device. I want to run the node application as non root user
> > for security reasons. In order to get access from within the app, the node
> > binary needs to have the following capability cap_net_raw+eip set. I am
> > using the nodejs recipe from meta-oe and added it in my local.conf:
> > 
> > IMAGE_INSTALL_append = " nodejs i2c-tools bluez5 kernel-image
> > kernel-devicetree"
> > 
> > Question:
> > Where should I apply the following command? setcap cap_net_raw+eip
> > /usr/bin/node
> > 
> > What are my options? Can I create a recipe in a different package that
> > will apply the above command on the meta-oe package for the nodejs recipe?
> > 
> > I have been following this thread (
> > https://lists.yoctoproject.org/pipermail/yocto/2016-June/030811.html),
> > but the node binaries and my node-app are in different layers and
> > packages.
> > 
> > Any advice how to do this is much appreciated?
> > 
> > Regards,
> > Markus




-- 
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
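
To confirm on the target that the postinst discussed above left /usr/bin/node with cap_net_raw and nothing broader, the following added example (not code from the thread or from any Yocto layer) audits one line of getcap output. The function name audit_caps is hypothetical, the sample lines are constructed, and the two output layouts ("PATH = CAPS" and "PATH CAPS") are assumptions about what the installed libcap prints.

```shell
#!/bin/sh
# Added example (not from the thread): audit one line of `getcap` output.
# Assumption: the line looks like "PATH = CAPS" (older libcap) or
# "PATH CAPS" (newer libcap); CAPS is clauses like "cap_net_raw+eip".

# audit_caps LINE PATH WANTED
# Prints "ok" if WANTED is the only capability on PATH and its flags
# include both e (effective) and p (permitted), "missing" if it is
# absent or lacks those flags, or "extra:NAME" for any other capability.
audit_caps() {
    line=$1 path=$2 wanted=$3 found=no
    case $line in
        "$path = "*) text=${line#"$path = "} ;;
        "$path "*)   text=${line#"$path "} ;;
        *)           text= ;;          # no capabilities reported for PATH
    esac
    for clause in $text; do
        names=${clause%%[+=-]*}        # "cap_a,cap_b" before the first operator
        flags=${clause#"$names"}       # "+eip", "=ep", ...
        if [ -z "$names" ]; then       # bare "=ep" grants every capability
            echo "extra:all"; return 0
        fi
        old_ifs=$IFS; IFS=,
        set -- $names                  # split the comma-separated names
        IFS=$old_ifs
        for name in "$@"; do
            if [ "$name" != "$wanted" ]; then
                echo "extra:$name"; return 0
            fi
            case $flags in
                *e*p*|*p*e*) found=yes ;;
            esac
        done
    done
    if [ "$found" = yes ]; then echo ok; else echo missing; fi
}

# Constructed sample lines; on a target, pass the output of
# `getcap /usr/bin/node` as the first argument instead.
for sample in \
    "/usr/bin/node = cap_net_raw+eip" \
    "/usr/bin/node cap_net_raw=eip" \
    "/usr/bin/node cap_net_admin,cap_net_raw=eip" \
    "/usr/bin/node =ep" \
    ""
do
    printf '%-45s -> %s\n' "$sample" "$(audit_caps "$sample" /usr/bin/node cap_net_raw)"
done
```

An empty line from getcap, which is what a failed or skipped postinst leaves behind, is reported as "missing".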


[yocto] [meta-selinux][PATCH] libselinux: Fix build with musl libc.

2018-09-21 Thread Piotr Tworek
From: Piotr Tworek 

Musl libc does not implement file traversal functions from fts.h.
Oe-core provides fts library which implements those. Libselinux makefile
allows us to use such additional library by specifying required linker
flags via FTS_LDLIBS variable.

Signed-off-by: Piotr Tworek 
---
 recipes-security/selinux/libselinux.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/recipes-security/selinux/libselinux.inc 
b/recipes-security/selinux/libselinux.inc
index 28c437f..33621cc 100644
--- a/recipes-security/selinux/libselinux.inc
+++ b/recipes-security/selinux/libselinux.inc
@@ -8,6 +8,7 @@ LICENSE = "PD"
 inherit lib_package pythonnative
 
 DEPENDS += "libsepol python libpcre swig-native"
+DEPENDS_append_libc-musl = " fts"
 RDEPENDS_${PN}-python += "python-core"
 
 PACKAGES += "${PN}-python"
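Review bot: the added DEPENDS_append_libc-musl = " fts" line has no comment, so someone reading libselinux.inc later cannot tell why musl needs an extra library. Add a one-line comment above it saying that musl lacks the fts.h traversal functions and that the fts library from oe-core supplies them, as the commit message explains.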
@@ -23,6 +24,7 @@ def get_policyconfigarch(d):
 EXTRA_OEMAKE += "${@get_policyconfigarch(d)}"
 
 EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' 
LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'"
+EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts"
 
 do_compile_append() {
 oe_runmake pywrap -j1 \
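Review bot: the added EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts" line only works together with the fts entry added to DEPENDS in the first hunk, but the two musl overrides sit in different parts of the file with nothing tying them together. Consider keeping them adjacent, or noting the pairing in a comment, so one is not removed without the other. Please also confirm the pywrap target run from do_compile_append links with this flag on musl, since it goes through oe_runmake as well.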
-- 
2.16.4



[yocto] [meta-selinux][PATCH] setools: Add missing python runtime deps.

2018-09-21 Thread Piotr Tworek
From: Piotr Tworek 

The package needs logging, json and argparse modules to start.
Additionally, it also needs libselinux-python in order to really work.
Without it it'll just print an error message instructing the user to
install it.

Signed-off-by: Piotr Tworek 
---
 recipes-security/setools/setools_4.1.1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-security/setools/setools_4.1.1.bb 
b/recipes-security/setools/setools_4.1.1.bb
index 5b6d47d..c5a2d34 100644
--- a/recipes-security/setools/setools_4.1.1.bb
+++ b/recipes-security/setools/setools_4.1.1.bb
@@ -23,7 +23,8 @@ LIC_FILES_CHKSUM = 
"file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
 
 DEPENDS += "bison-native flex-native swig-native python libsepol"
 
-RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator 
python-setuptools"
+RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator 
python-setuptools \
+   python-logging python-json python-argparse 
libselinux-python"
 
 RPROVIDES_${PN} += "${PN}-console"
 
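Review bot: in the new RDEPENDS_${PN} value the four added packages are packed onto a single continuation line after an already long first line, so the hunk has to remove and re-add the whole assignment to append to it. Consider listing one package per line with trailing backslashes so that later additions become one-line diffs and the lines stay short. Given the commit message says setools only prints an install hint without libselinux-python, keeping it in RDEPENDS rather than as a recommendation looks right.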
-- 
2.16.4
