Hello Ross, None of the approach is working . I have attached the recipe where I am trying to execute postinst . It builds successfully , But when I run getcap on the target , does not return the set capabilities.
Help will be highly appreciated . Regards Shrawan From: Burton, Ross [mailto:ross.bur...@intel.com] Sent: Friday, June 24, 2016 6:40 PM To: Kumar, Shrawan Cc: yocto@yoctoproject.org Subject: Re: [yocto] setcap using recipe Looks like using setcap directly is broken currently, there are two workarounds: 1) use a postinst to invoke setcap on the target instead 2) test the patch for pseudo that is on this list ([PATCH] Add capset pseudo function that always succeeds) and verify that it fixes the problem for you. Ross On 24 June 2016 at 13:31, Kumar, Shrawan <shrawan.ku...@harman.com<mailto:shrawan.ku...@harman.com>> wrote: I am using Yocto 2.0.2 Thanks and Regards Shrawan From: Burton, Ross [mailto:ross.bur...@intel.com<mailto:ross.bur...@intel.com>] Sent: Friday, June 24, 2016 5:56 PM To: Kumar, Shrawan Cc: yocto@yoctoproject.org<mailto:yocto@yoctoproject.org> Subject: Re: [yocto] setcap using recipe What version of OE/Yocto are you using? Old versions of pseudo didn't support xattrs at all. Ross On 24 June 2016 at 13:23, Kumar, Shrawan <shrawan.ku...@harman.com<mailto:shrawan.ku...@harman.com>> wrote: Thanks Ross for your quick turn around , I am getting below error “Unable le to set CAP_SETFCAP effective capability: Operation not permitted.” But when I use # sudo setcap cap_net_raw+ep helloworld on command line I am able to set the cap. To achieve the sudo realization in recipe , I tried as below , but no luck…… Can you suggest something here ? fakeroot do_install() { install -d ${D}${bindir} install -m 0755 helloworld ${D}${bindir} install -d ${D}/lib/systemd/system install -m 0755 hello.service ${D}/lib/systemd/system/ setcap cap_net_raw+ep ${D}${bindir}/helloworld } Thanks and Regards Shrawan From: Burton, Ross [mailto:ross.bur...@intel.com<mailto:ross.bur...@intel.com>] Sent: Friday, June 24, 2016 5:09 PM To: Kumar, Shrawan Cc: yocto@yoctoproject.org<mailto:yocto@yoctoproject.org> Subject: Re: [yocto] setcap using recipe Hi, On 24 June 2016 at 11:41, Kumar, Shrawan <shrawan.ku...@harman.com<mailto:shrawan.ku...@harman.com>> wrote: Is there a way to add a capability to a binary (cap_net_raw+ep),into a recipe? Example : do_install() { install -d ${D}${bindir} install -m 0755 helloworld ${D}${bindir} install -d ${D}/lib/systemd/system install -m 0755 hello.service ${D}/lib/systemd/system/ setcap cap_net_raw+ep ${D}${bindir}/helloworld } If yes is this correct approach to achieve the same from package recipe itself ? capabilities on files are just extended attributes, so assuming that you have a fairly recent Yocto and your host and target filesystems support extended attributes, yes this should work. Ross
HelloWorld_0.1.bb
Description: HelloWorld_0.1.bb
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
