From: Piotr Tworek <tworaz666@gmail.com>
To: yocto@yoctoproject.org
Subject: Re: Set linux capabilities on binary on a recipe in meta-oe layer
Date: Thu, 08 Nov 2018 22:53:20 +0100
Message-ID: <3658853.D14kAIKcfP@stinger>
In-Reply-To: <CAFd=ocj4eHG89wt7yM0_w3YqrM9788+CZp=gDXgQfQsE6+9v2Q@mail.gmail.com>

Hi Markus,

Have you tried doing it in the postinst step executed on your target? Try:

pkg_postinst_ontarget_${PN} () {
    setcap cap_net_raw+eip $D${bindir}/node
}

RDEPENDS_${PN} += "libcap-bin"

/ptw

> I have tested to set capabilities on the node binary within a custom recipe
> (custom layer) but that failed.
> 
> pkg_postinst_${PN} () {
>     setcap cap_net_raw+eip $D${bindir}/node
> }
> PACKAGE_WRITE_DEPS = "libcap-native"
> RDEPENDS_${PN} = "libcap"
> 
> The error message:
> 
> ERROR: core-image-full-cmdline-1.0-r0 do_rootfs: [log_check] core-image-full-cmdline: found 1 error message in the logfile:
> [log_check] Failed to set capabilities on file `/home/ubuntu/yocto-sumo/build/tmp/work/raspberrypi3-poky-linux-gnueabi/core-image-full-cmdline/1.0-r0/rootfs/usr/bin/node' (No such file or directory)
> 
> When I check, the node binary is there in the rootfs directory. It seems
> that when the pkg_postinst function is executed the node binary is not
> there.
> 
> What am I missing? Any answer is much appreciated!
> 
> Regards,
> Markus
> 
> On Wed, 7 Nov 2018 at 11:32, Markus W <markus4dev@gmail.com> wrote:
> > Hi!
> > 
> > Background:
> > In my raspberry project I am developing a nodejs app that needs access to
> > bluetooth/ble device. I want to run the node application as non root user
> > for security reasons. In order to get access from within the app, the node
> > binary needs to have the following capability cap_net_raw+eip set. I am
> > using the nodejs recipe from meta-oe and added it in my local.conf:
> > 
> > IMAGE_INSTALL_append = " nodejs i2c-tools bluez5 kernel-image
> > kernel-devicetree"
> > 
> > Question:
> > Where should I apply the following command? setcap cap_net_raw+eip
> > /usr/bin/node
> > 
> > What are my options? Can I create a recipe in a different package that
> > will apply the above command on the meta-oe package for the nodejs recipe?
> > 
> > I have been following this thread (
> > https://lists.yoctoproject.org/pipermail/yocto/2016-June/030811.html),
> > but the node binaries and my node-app are in different layers and
> > packages.
> > 
> > Any advice on how to do this is much appreciated.
> > 
> > Regards,
> > Markus
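
Added example, not part of the original message or of any recipe in the thread: a POSIX shell helper for the on-target postinst step suggested above that sets the capability and then reads it back with getcap, so the postinst fails visibly if cap_net_raw+eip did not end up on the binary. The function names cap_line_grants and ensure_cap are hypothetical, and the getcap lines shown in the comments are constructed samples of the two text forms libcap has printed.

```shell
#!/bin/sh
# Added example (not from the thread). Intended to run on the target, e.g.
# from a pkg_postinst_ontarget body; setcap/getcap come from libcap-bin.

# cap_line_grants PATH LINE CAP FLAGS
# Succeeds if LINE (one line of getcap output for PATH) explicitly grants
# CAP with every flag in FLAGS. Accepts both text forms (constructed samples):
#   /usr/bin/node = cap_net_raw+eip
#   /usr/bin/node cap_net_raw=eip
# Anything else (no line, another file, "-" clauses) counts as not granted.
cap_line_grants() {
    path=$1 line=$2 want_cap=$3 want_flags=$4
    rest=${line#"$path"}                        # drop the file name
    [ "$rest" != "$line" ] || return 1          # line is about another file
    case $rest in " "*) ;; *) return 1 ;; esac  # e.g. /usr/bin/nodejs
    rest=${rest#" = "}                          # separator of the older form
    for clause in $rest; do
        case $clause in *-*) continue ;; *[+=]*) ;; *) continue ;; esac
        names=${clause%%[+=]*}                  # cap_a,cap_b
        got_flags=${clause##*[+=]}              # eip
        case ",$names," in *",$want_cap,"*) ;; *) continue ;; esac
        missing=0 f=$want_flags
        while [ -n "$f" ]; do
            c=${f%"${f#?}"}; f=${f#?}           # take the next wanted flag
            case $got_flags in *"$c"*) ;; *) missing=1 ;; esac
        done
        if [ "$missing" -eq 0 ]; then return 0; fi
    done
    return 1
}

# ensure_cap PATH CAP FLAGS: set the capability, then read it back so the
# result is checked rather than assumed.
ensure_cap() {
    setcap "$2+$3" "$1" || { echo "setcap failed on $1" >&2; return 1; }
    cap_line_grants "$1" "$(getcap "$1")" "$2" "$3" && return 0
    echo "$1: $2+$3 not present after setcap" >&2
    return 1
}

# Usage on the target: ensure_cap /usr/bin/node cap_net_raw eip
```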
