Yocto中的Linux功能

Question

Yocto中的Linux功能

linuxyoctolinux-capabilities

5

我希望给几个文件赋予Linux能力（例如CAP_NET_ADMIN）。我正在使用Yocto，我的文件系统应该是只读的，并且在刷写软件后不能更改（这意味着通常会起作用的pkg_postinst和setcap不可能）。

除了在启动目标后更改文件结构外，是否有其他方法可以为文件赋予能力？

- Quizard

2个回答

0

最终我通过将mtd-utils更新到mtd-utils-2.0.0版本（mkfs.ubifs支持扩展属性）来解决了问题。

此外，我现在使用IMAGE_PREPROCESS_COMMAND直接在图像处理之前设置功能。

- Quizard

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Patrick Ohly · Accepted Answer

在构建只读根文件系统时，pkg_postinst脚本已经被执行，因此这种方法是可行的。但是，您必须确保在脚本中调用的命令在构建主机上可用，否则脚本的执行将失败，并且会推迟到设备上的第一次启动。如何确保setcap命令可用取决于Yocto版本，在Yocto 2.3中会有所改变。以下是一个完整的示例配方：

LICENSE = "MIT"

do_install () {
    install -d ${D}/${bindir}
    touch ${D}/${bindir}/foobar
}

pkg_postinst_${PN} () {
    setcap cap_chown+e "$D/${bindir}/foobar"
}
# Dependency when installing on the target.
RDEPENDS_${PN} = "libcap"
# Dependency for rootfs construction, Yocto > 2.3.
PACKAGE_WRITE_DEPS = "libcap-native"
# Dependency for rootfs construction, Yocto <= 2.3 (untested).
# Enabling this makes builds slightly less efficient with
# Yocto > 2.3 because it implies that libcap-native is
# needed for building this recipe, which isn't the case.
# DEPENDS += "libcap-native"

注意保留xattrs。默认的.tar镜像格式会丢弃它们。从https://github.com/01org/meta-intel-iot-security/blob/master/meta-security-framework/classes/xattr-images.bbclass顶部开始:

# xattr support is expected to be compiled into mtd-utils. We just need to
# use it.
EXTRA_IMAGECMD_jffs2_append = " --with-xattr"

# By default, OE-core uses tar from the host, which may or may not have the
# --xattrs parameter which was introduced in 1.27. For image building we
# use a recent enough tar instead.
#
# The GNU documentation does not specify whether --xattrs-include is necessary.
# In practice, it turned out to be not needed when creating archives and
# required when extracting, but it seems prudent to use it in both cases.
IMAGE_DEPENDS_tar_append = " tar-replacement-native"
EXTRANATIVEPATH += "tar-native"
IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"

如果有影响，请将此内容加入您的图像配方中。