使用yocto的Linux功能

Question

我想給Linux提供幾個文件功能（例如CAP_NET_ADMIN）。 我正在使用Yocto，我的文件系統應該是隻讀的，並且在刷新軟件後不得更改（這意味着pkg_postinst和通常工作的setcap是不可能的）。

有沒有其他方式可以在啓動目標後不改變文件結構的情況下爲文件賦予功能？

Answer 1

pkg_postinst腳本在構建只讀rootfs時已經得到執行，所以這種方法起作用。但是，必須確保在構建主機中可以使用腳本中調用的命令，否則腳本的執行將失敗，並且會延遲到設備上的第一次引導。如何確保setcap命令可用取決於Yocto版本，這將在Yocto 2.3中更改。下面是一個完整的示例配方：

LICENSE = "MIT" 

do_install() { 
    install -d ${D}/${bindir} 
    touch ${D}/${bindir}/foobar 
} 

pkg_postinst_${PN}() { 
    setcap cap_chown+e "$D/${bindir}/foobar" 
} 
# Dependency when installing on the target. 
RDEPENDS_${PN} = "libcap" 
# Dependency for rootfs construction, Yocto > 2.3. 
PACKAGE_WRITE_DEPS = "libcap-native" 
# Dependency for rootfs construction, Yocto <= 2.3 (untested). 
# Enabling this makes builds slightly less efficient with 
# Yocto > 2.3 because it implies that libcap-native is 
# needed for building this recipe, which isn't the case. 
# DEPENDS += "libcap-native" 

小心保存xattrs。默認的.tar圖像格式將會丟棄它們。從https://github.com/01org/meta-intel-iot-security/blob/master/meta-security-framework/classes/xattr-images.bbclass頂部：

# xattr support is expected to be compiled into mtd-utils. We just need to 
# use it. 
EXTRA_IMAGECMD_jffs2_append = " --with-xattr" 

# By default, OE-core uses tar from the host, which may or may not have the 
# --xattrs parameter which was introduced in 1.27. For image building we 
# use a recent enough tar instead. 
# 
# The GNU documentation does not specify whether --xattrs-include is necessary. 
# In practice, it turned out to be not needed when creating archives and 
# required when extracting, but it seems prudent to use it in both cases. 
IMAGE_DEPENDS_tar_append = " tar-replacement-native" 
EXTRANATIVEPATH += "tar-native" 
IMAGE_CMD_TAR = "tar --xattrs --xattrs-include=*" 

要把它放到你的形象的食譜，如果它很重要。

Answer 2

最後，我通過將mtd-utils更新爲mtd-utils-2.0.0（mkfs.ubifs支持擴展屬性）來解決該問題。

此外，我現在使用IMAGE_PREPROCESS_COMMAND直接在處理圖像之前設置功能。