Re: [yocto] Set linux capabilities on binary on a recipe in meta-oe layer
Hi Markus,

Have you tried doing it in the postinst step executed on your target? Try:

pkg_postinst_ontarget_${PN} () {
    setcap cap_net_raw+eip $D${bindir}/node
}
RDEPENDS_${PN} += "libcap-bin"

/ptw

> I have tested to set capabilities on the node binary within a custom recipe
> (custom layer) but that failed.
>
> pkg_postinst_${PN} () {
>     setcap cap_net_raw+eip $D${bindir}/node
> }
> PACKAGE_WRITE_DEPS = "libcap-native"
> RDEPENDS_${PN} = "libcap"
>
> The error message:
>
> ERROR: core-image-full-cmdline-1.0-r0 do_rootfs: [log_check]
> core-image-full-cmdline: found 1 error message in the logfile:
> [log_check] Failed to set capabilities on file
> `/home/ubuntu/yocto-sumo/build/tmp/work/raspberrypi3-poky-linux-gnueabi/core
> -image-full-cmdline/1.0-r0/rootfs/usr/bin/node' (No such file or directory)
>
> When I check, the node binary is there in the rootfs directory. It seems
> that when the pkg_postinst function is executed the node binary is not
> there.
>
> What am I missing? Any answer is much appreciated!
>
> Regards,
> Markus
>
> On Wed, 7 Nov 2018 at 11:32, Markus W wrote:
> > Hi!
> >
> > Background:
> > In my raspberry project I am developing a nodejs app that needs access to
> > bluetooth/ble device. I want to run the node application as non-root user
> > for security reasons. In order to get access from within the app, the node
> > binary needs to have the following capability cap_net_raw+eip set. I am
> > using the nodejs recipe from meta-oe and added it in my local.conf:
> >
> > IMAGE_INSTALL_append = " nodejs i2c-tools bluez5 kernel-image
> > kernel-devicetree"
> >
> > Question:
> > Where should I apply the following command? setcap cap_net_raw+eip
> > /usr/bin/node
> >
> > What are my options? Can I create a recipe in a different package that
> > will apply the above command on the meta-oe package for the nodejs recipe?
> >
> > I have been following this thread (
> > https://lists.yoctoproject.org/pipermail/yocto/2016-June/030811.html),
> > but the node binaries and my node-app are in different layers and
> > packages.
> >
> > Any advice on how to do this is much appreciated.
> >
> > Regards,
> > Markus

--
___
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
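A check for the target side of the exchange above, confirming after first boot that the on-target postinst really applied cap_net_raw+eip to node and that no other file in the image carries file capabilities. This is an added example, not code from the thread or from any Yocto layer; the function name audit_caps, its allowlist format and the sample getcap lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `getcap -r` output against an
# allowlist so an image test or first-boot check can confirm the postinst ran.
# getcap prints one of two forms depending on the libcap version:
#   /usr/bin/node = cap_net_raw+eip      (older)
#   /usr/bin/node cap_net_raw=eip        (newer)
# Assumption: paths contain no whitespace.

# audit_caps ALLOWLIST   (stdin: getcap output)
# ALLOWLIST holds one "path caps" entry per line, caps in the newer form.
# Prints MISSING/UNEXPECTED lines; returns 1 if there is any finding.
audit_caps() {
    ALLOW="$1" awk '
        BEGIN {
            n = split(ENVIRON["ALLOW"], a, "\n")
            for (i = 1; i <= n; i++) if (a[i] != "") want[a[i]] = 0
        }
        NF >= 2 {
            caps = ($2 == "=") ? $3 : $2   # older form has a lone "=" field
            sub(/\+/, "=", caps)           # cap+eip -> cap=eip
            entry = $1 " " caps
            if (entry in want) want[entry] = 1
            else { print "UNEXPECTED " entry; bad = 1 }
        }
        END {
            for (e in want) if (!want[e]) { print "MISSING " e; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: what an older getcap might print on a target where one
# extra binary also carries a capability.
sample='/usr/bin/node = cap_net_raw+eip
/usr/bin/ping = cap_net_raw+ep'

printf '%s\n' "$sample" | audit_caps '/usr/bin/node cap_net_raw=eip' \
    || echo "capability audit failed"
```

On a running target the input would come from `getcap -r / 2>/dev/null` instead of the constructed sample.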
[yocto] [meta-selinux][PATCH] libselinux: Fix build with musl libc.
From: Piotr Tworek Musl libc does not implement file traversal functions from fts.h. Oe-core provides fts library which implements those. Libselinux makefile allows us to use such additional library by specifying required linker flags via FTS_LDLIBS variable. Signed-off-by: Piotr Tworek --- recipes-security/selinux/libselinux.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/recipes-security/selinux/libselinux.inc b/recipes-security/selinux/libselinux.inc index 28c437f..33621cc 100644 --- a/recipes-security/selinux/libselinux.inc +++ b/recipes-security/selinux/libselinux.inc @@ -8,6 +8,7 @@ LICENSE = "PD" inherit lib_package pythonnative DEPENDS += "libsepol python libpcre swig-native" +DEPENDS_append_libc-musl = " fts" RDEPENDS_${PN}-python += "python-core" PACKAGES += "${PN}-python" @@ -23,6 +24,7 @@ def get_policyconfigarch(d): EXTRA_OEMAKE += "${@get_policyconfigarch(d)}" EXTRA_OEMAKE += "LDFLAGS='${LDFLAGS} -lpcre' LIBSEPOLA='${STAGING_LIBDIR}/libsepol.a'" +EXTRA_OEMAKE_append_libc-musl = " FTS_LDLIBS=-lfts" do_compile_append() { oe_runmake pywrap -j1 \ -- 2.16.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
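Review bot: In the second hunk, FTS_LDLIBS=-lfts reaches the build only through EXTRA_OEMAKE, so it has an effect only if the libselinux Makefile being built actually reads that variable. Since this lands in the shared libselinux.inc, please say in the commit message which libselinux version(s) it was build-tested against with musl; on a version whose Makefile ignores FTS_LDLIBS the flag would be dropped silently and the link would still fail. A one-line comment above the two libc-musl lines (first hunk's DEPENDS_append_libc-musl and this one) stating that musl lacks fts.h would also keep the rationale in the recipe rather than only in the log.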
[yocto] [meta-selinux][PATCH] setools: Add missing python runtime deps.
From: Piotr Tworek The package needs logging, json and argparse modules to start. Additionally, it also needs libselinux-python in order to really work. Without it it'll just print an error message instructing the user to install it. Signed-off-by: Piotr Tworek --- recipes-security/setools/setools_4.1.1.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/recipes-security/setools/setools_4.1.1.bb b/recipes-security/setools/setools_4.1.1.bb index 5b6d47d..c5a2d34 100644 --- a/recipes-security/setools/setools_4.1.1.bb +++ b/recipes-security/setools/setools_4.1.1.bb @@ -23,7 +23,8 @@ LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \ DEPENDS += "bison-native flex-native swig-native python libsepol" -RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools" +RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools \ + python-logging python-json python-argparse libselinux-python" RPROVIDES_${PN} += "${PN}-console" -- 2.16.4 -- ___ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
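Review bot: The new RDEPENDS_${PN} entries are justified in the commit message as what the package needs "to start", which leaves open whether modules imported only by individual setools commands are covered. Please note which commands were run on a minimal image to arrive at python-logging, python-json and python-argparse, so the list can be rechecked later. Separately, since the message says the tool only prints an install hint without libselinux-python, listing it as a hard runtime dependency here is the right place for it; a short comment on the continuation line saying so would explain why a non-stdlib package sits next to the three stdlib splits.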