我想给几个文件的Linuxfunction(如CAP_NET_ADMIN)。 我正在使用Yocto,我的文件系统应该是只读的,不能在刷新软件后更改(这意味着pkg_postinst与通常工作的setcap是不可能的)。
有没有其他方法可以在启动目标后不改变文件结构的情况下提供文件function?
在构建只读rootfs时,pkg_postinst脚本已经得到执行,所以这种方法起作用。 您必须确保在脚本中调用的命令在构建主机中可用,否则脚本的执行将失败,并且延迟到设备上的第一次引导。 如何确保setcap命令的可用取决于Yocto版本,这将在Yocto 2.3中改变。 这是一个完整的示例配方:
LICENSE = "MIT" do_install () { install -d ${D}/${bindir} touch ${D}/${bindir}/foobar } pkg_postinst_${PN} () { setcap cap_chown+e "$D/${bindir}/foobar" } # Dependency when installing on the target. RDEPENDS_${PN} = "libcap" # Dependency for rootfs construction, Yocto > 2.3. PACKAGE_WRITE_DEPS = "libcap-native" # Dependency for rootfs construction, Yocto <= 2.3 (untested). # Enabling this makes builds slightly less efficient with # Yocto > 2.3 because it implies that libcap-native is # needed for building this recipe, which isn't the case. # DEPENDS += "libcap-native" 小心保存xattrs。 默认的.tar图像格式会丢弃它们。 从https://github.com/01org/meta-intel-iot-security/blob/master/meta-security-framework/classes/xattr-images.bbclass顶部:
# xattr support is expected to be compiled into mtd-utils. We just need to # use it. EXTRA_IMAGECMD_jffs2_append = " --with-xattr" # By default, OE-core uses tar from the host, which may or may not have the # --xattrs parameter which was introduced in 1.27. For image building we # use a recent enough tar instead. # # The GNU documentation does not specify whether --xattrs-include is necessary. # In practice, it turned out to be not needed when creating archives and # required when extracting, but it seems prudent to use it in both cases. IMAGE_DEPENDS_tar_append = " tar-replacement-native" EXTRANATIVEPATH += "tar-native" IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
把这个放在你的图像配方里,如果有的话。
最后,我通过更新mtd-utils到mtd-utils-2.0.0(mkfs.ubifs支持扩展属性)来解决这个问题。
此外,我现在使用IMAGE_PREPROCESS_COMMAND直接在图像处理之前设置能力。