Does your target filesystem support it? ubifs doesn't :( http://www.linux-mtd.infradead.org/doc/ubifs.html#L_xattr
2016-07-01 9:53 GMT-03:00 Kumar, Shrawan <shrawan.ku...@harman.com>: > Hello Ross, > > > > None of the approach is working . I have attached the recipe where I am > trying to execute postinst . It builds successfully , But when I run getcap > on the target , does not return the set capabilities. > > > > Help will be highly appreciated . > > > > Regards > > Shrawan > > From: Burton, Ross [mailto:ross.bur...@intel.com] > Sent: Friday, June 24, 2016 6:40 PM > > > To: Kumar, Shrawan > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] setcap using recipe > > > > Looks like using setcap directly is broken currently, there are two > workarounds: > > > > 1) use a postinst to invoke setcap on the target instead > > 2) test the patch for pseudo that is on this list ([PATCH] Add capset pseudo > function that always succeeds) and verify that it fixes the problem for you. > > > > Ross > > > > On 24 June 2016 at 13:31, Kumar, Shrawan <shrawan.ku...@harman.com> wrote: > > I am using Yocto 2.0.2 > > > > Thanks and Regards > > Shrawan > > > > From: Burton, Ross [mailto:ross.bur...@intel.com] > Sent: Friday, June 24, 2016 5:56 PM > > > To: Kumar, Shrawan > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] setcap using recipe > > > > What version of OE/Yocto are you using? Old versions of pseudo didn't > support xattrs at all. > > > > Ross > > > > On 24 June 2016 at 13:23, Kumar, Shrawan <shrawan.ku...@harman.com> wrote: > > Thanks Ross for your quick turn around , I am getting below error > > > > “Unable le to set CAP_SETFCAP effective capability: Operation not > permitted.” > > > > But when I use # sudo setcap cap_net_raw+ep helloworld on command > line I am able to set the cap. > > > > To achieve the sudo realization in recipe , I tried as below , but no > luck…… Can you suggest something here ? > > > > fakeroot do_install() { > > install -d ${D}${bindir} > > install -m 0755 helloworld ${D}${bindir} > > install -d ${D}/lib/systemd/system > > install -m 0755 hello.service ${D}/lib/systemd/system/ > > setcap cap_net_raw+ep ${D}${bindir}/helloworld > > > > } > > > > Thanks and Regards > > Shrawan > > > > From: Burton, Ross [mailto:ross.bur...@intel.com] > Sent: Friday, June 24, 2016 5:09 PM > To: Kumar, Shrawan > Cc: yocto@yoctoproject.org > Subject: Re: [yocto] setcap using recipe > > > > Hi, > > > > On 24 June 2016 at 11:41, Kumar, Shrawan <shrawan.ku...@harman.com> wrote: > > Is there a way to add a capability to a binary (cap_net_raw+ep),into a > recipe? > > > > Example : > > do_install() { > > install -d ${D}${bindir} > > install -m 0755 helloworld ${D}${bindir} > > install -d ${D}/lib/systemd/system > > install -m 0755 hello.service ${D}/lib/systemd/system/ > > setcap cap_net_raw+ep ${D}${bindir}/helloworld > > } > > > > If yes is this correct approach to achieve the same from package recipe > itself ? > > > capabilities on files are just extended attributes, so assuming that you > have a fairly recent Yocto and your host and target filesystems support > extended attributes, yes this should work. > > > > Ross > > > > > > > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto > -- "Do or do not. There is no try" Yoda Master -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto