Hello Team ,
I am trying to set extended attributes using below post inst . I am able to
preserve the setcap and smack attributes in the ext4 image. However, I am
getting "Invalid argument " when I run getfacl/setfacl in qemu target . As said
earlier all the 3 attributes are seen using devshell in the rootfs folder.
pkg_postinst_${PN}() {
setfacl -m u:user2:r-- $D${bindir}/helloworld
setcap cap_net_raw+ep $D${bindir}/helloworld
chsmack -a "helloWorldAccessLabel" -e "helloWorldExecuteLabel"
$D${bindir}/helloworld
}
When I was using " e2fsprogs_1.42.9.bb the POSIX caps and smack rules were not
getting preserved but acl attributes were getting preserved now opposite is
happening .
@Joshua/Team
Can somebody help here ? This is bit urgent and I have been struggling for
quite some time.
Note :I have set the inode size to be 256 while creating the ext4 image.
Thanks and REgads
Shrawan
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Kumar, Shrawan
Sent: Thursday, October 27, 2016 6:26 PM
To: Joshua G Lock; [email protected]
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
Hello All,
Further update on this issue , migrated to "e2fsprogs_1.43.bb" from
"e2fsprogs_1.42.9.bb" . It is observed that the ACL permission set are visible
on dev-shell but when qemu is launched we get below error :
root@qemux86:#getfacl /usr/bin/helloworld
getfacl: /usr/bin/helloworld: Invalid argument
Also,
root@qemux86:# setfacl -m u:user2:r-- /usr/bin/helloworld
setfacl: /usr/bin/helloworld: Invalid argument
Thanks and Regards
Shrawan
-----Original Message-----
From: Joshua G Lock [mailto:[email protected]]
Sent: Friday, August 12, 2016 7:22 PM
To: Kumar, Shrawan; [email protected]
Subject: Re: [yocto] Access Control List (ACL) permissions attributes not
getting preserved in rootfs
On Fri, 2016-08-12 at 12:33 +0000, Kumar, Shrawan wrote:
> Hello All,
>
> I am using poky “ jethro” , and though one of my recipe, I have
> created user1 & user2 and then trying to set ACL rules on
> “helloworld” bin as below :
>
>
> do_install() {
> install -d ${D}${bindir}
> install -m 0700 helloworld ${D}${bindir}
> install -d ${D}/lib/systemd/system
> install -m 0700 hello.service
> ${D}/lib/systemd/system/
> chown user1:group1 ${D}${bindir}/helloworld
> setfacl -m u:user2:r-- ${D}${bindir}/helloworld }
>
>
> è When I see on the devshell ( bitbake HelloWorld –c devshell) :
> poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld , I could see
> that ACL permissions are set correctly as below :
> - # file: helloworld
> - # owner: user1
> - # group: group1
> - user::rwx
> - user:user2:r--
> - group::---
> - mask::r--
> - other::---
>
> However, It does not seems to be getting preserved in rootfs. :
> /poky/build_qemux86/tmp/work/qemux86-poky-linux/core-image-
> minimal/1.0-r0/rootfs/usr/bin# getfacl helloworld # file: helloworld #
> owner: user1 # group: group1 user::rwx
> group::---
> other::---
>
> quick help here would be highly appreciated
This is due to the fact that we don't currently have a mechanism to preserve
xattr through to image construction[1].
The largest barrier for doig so is that the package managers (certainly dpkg
and rpm) don't have any support for xattrs in packages (an image is populated
via the package manager).
To the best of my knowledge the only option for adding some xattr/ACL is to use
a postinst[2] to set the attributes after the package has been installed.
Regards,
Joshua
1. https://bugzilla.yoctoproject.org/show_bug.cgi?id=9858
2. http://www.yoctoproject.org/docs/2.1/dev-manual/dev-manual.html#new-
recipe-post-installation-scripts
--
_______________________________________________
yocto mailing list
[email protected]
https://lists.yoctoproject.org/listinfo/yocto
--
_______________________________________________
yocto mailing list
[email protected]
https://lists.yoctoproject.org/listinfo/yocto
