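I want to give a few files Linux capabilities (e.g. CAP_NET_ADMIN).
I am using Yocto, and my file system should be read-only and must not be changed after flashing the software (this means a pkg_postinst with setcap, which would normally work, is not possible).
Is there any other way to give capabilities to files without changing the file structure after booting the target?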
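Solution:
pkg_postinst scripts are already executed while building the read-only rootfs, so this approach works. However, you have to ensure that the commands you call in the script are available on the build host, otherwise execution of the script fails and gets deferred to the first boot on the device. How to ensure that the setcap command is available depends on the Yocto version, and this will change in Yocto 2.3. Here is a complete example recipe: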
LICENSE = "MIT"
do_install () {
    install -d ${D}/${bindir}
    touch ${D}/${bindir}/foobar
}
pkg_postinst_${PN} () {
    setcap cap_chown+e "$D/${bindir}/foobar"
}
# Dependency when installing on the target.
RDEPENDS_${PN} = "libcap"
# Dependency for rootfs construction, Yocto > 2.3.
PACKAGE_WRITE_DEPS = "libcap-native"
# Dependency for rootfs construction, Yocto <= 2.3 (untested).
# Enabling this makes builds slightly less efficient with
# Yocto > 2.3 because it implies that libcap-native is
# needed for building this recipe, which isn't the case.
# DEPENDS += "libcap-native"
Take care to preserve xattrs. The default .tar image format drops them. From the top of https://github.com/01org/meta-intel-iot-security/blob/master/meta-security-framework/classes/xattr-images.bbclass:
# xattr support is expected to be compiled into mtd-utils. We just need to
# use it.
EXTRA_IMAGECMD_jffs2_append = " --with-xattr"
# By default, OE-core uses tar from the host, which may or may not have the
# --xattrs parameter which was introduced in 1.27. For image building we
# use a recent enough tar instead.
#
# The GNU documentation does not specify whether --xattrs-include is necessary.
# In practice, it turned out to be not needed when creating archives and
# required when extracting, but it seems prudent to use it in both cases.
IMAGE_DEPENDS_tar_append = " tar-replacement-native"
EXTRANATIVEPATH += "tar-native"
IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
Put that into your image recipe if necessary.
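To check that file capabilities actually survived into a rootfs tarball, the following added example (not from the original answer or from the Yocto project) scans a tar archive for the `SCHILY.xattr.security.capability` pax record that GNU tar writes with `--xattrs` and decodes it. It assumes the revision-2 on-disk capability layout; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import struct
import tarfile

# pax record GNU tar writes for the security.capability xattr when run with --xattrs
XATTR_KEY = "SCHILY.xattr.security.capability"
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_REVISION_2 = 0x02000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
CAP_NAMES = {0: "cap_chown", 12: "cap_net_admin"}  # subset of linux/capability.h

def _names(mask):
    return [CAP_NAMES.get(b, f"bit{b}") for b in range(64) if mask >> b & 1]

def decode_vfs_cap(raw):
    """Decode a revision-2 (20-byte, little-endian) security.capability value."""
    if len(raw) != 20:
        raise ValueError("not a revision-2 vfs_cap_data blob")
    magic, p_lo, i_lo, p_hi, i_hi = struct.unpack("<5I", raw)
    if magic & VFS_CAP_REVISION_MASK != VFS_CAP_REVISION_2:
        raise ValueError("unsupported capability revision")
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": _names(p_lo | p_hi << 32),
            "inheritable": _names(i_lo | i_hi << 32)}

def capabilities_in_tar(fileobj):
    """Map member name -> decoded capabilities for members that carry the xattr.
    tarfile returns pax values as str, so they are re-encoded to raw bytes."""
    found = {}
    with tarfile.open(fileobj=fileobj, mode="r:*", encoding="utf-8") as tar:
        for member in tar:
            value = member.pax_headers.get(XATTR_KEY)
            if value is not None:
                found[member.name] = decode_vfs_cap(value.encode("utf-8", "surrogateescape"))
    return found

def missing_capabilities(fileobj, expected_paths):
    """Expected paths whose capability xattr did not survive packaging."""
    present = capabilities_in_tar(fileobj)
    return [p for p in expected_paths if p not in present]

def build_sample_tar():
    """Constructed sample: foobar carries cap_net_admin+ep, plain has no xattr."""
    raw = struct.pack("<5I", VFS_CAP_REVISION_2 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 12, 0, 0, 0)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT, encoding="utf-8") as tar:
        for name, xattr in (("usr/bin/foobar", raw), ("usr/bin/plain", None)):
            info = tarfile.TarInfo(name)
            info.pax_headers = {XATTR_KEY: xattr.decode("utf-8", "surrogateescape")} if xattr else {}
            tar.addfile(info)
    return io.BytesIO(buf.getvalue())
```

Against a real image, open the generated rootfs tarball in binary mode and pass it to `missing_capabilities` together with the paths your recipes run setcap on; any path returned lost its capability during image creation.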