我想给几个文件Linux功能(例如CAP_NET_ADMIN)。 我正在使用Yocto,我的文件系统应该是只读的,并且在刷新软件后不得更改(这意味着pkg_postinst使用setcap通常无法工作)。
在启动目标后,是否有其他方法可以在不更改文件结构的情况下为文件提供功能?
答案 0 :(得分:1)
pkg_postinst脚本在构建只读rootfs时已经执行,因此这种方法有效。但是,必须确保在脚本中调用的命令在构建主机中可用,否则脚本的执行将失败并且会延迟到设备上的第一次引导。如何确保setcap命令可用取决于Yocto版本,这将在Yocto 2.3中更改。这是一个完整的示例配方:
# xattr support is expected to be compiled into mtd-utils. We just need to
# use it.
EXTRA_IMAGECMD_jffs2_append = " --with-xattr"
# By default, OE-core uses tar from the host, which may or may not have the
# --xattrs parameter which was introduced in 1.27. For image building we
# use a recent enough tar instead.
#
# The GNU documentation does not specify whether --xattrs-include is necessary.
# In practice, it turned out to be not needed when creating archives and
# required when extracting, but it seems prudent to use it in both cases.
IMAGE_DEPENDS_tar_append = " tar-replacement-native"
EXTRANATIVEPATH += "tar-native"
IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*"
小心保存xattrs。默认的.tar图像格式会丢弃它们。从https://github.com/01org/meta-intel-iot-security/blob/master/meta-security-framework/classes/xattr-images.bbclass的顶部开始:
def recursive_factorials(num, acc = [])
acc << (num < 2 ? 1 : (num - 1) * recursive_factorials(num - 1, acc).last)
end
recursive_factorials 6
#⇒ [1, 1, 2, 6, 24, 120]
如果重要,请将其放入图像配方中。
答案 1 :(得分:0)
最后,我通过将mtd-utils更新为mtd-utils-2.0.0(mkfs.ubifs支持扩展属性)解决了这个问题。
此外,我现在正在使用IMAGE_PREPROCESS_COMMAND在处理图像之前直接设置功能。</ p>