diff options
Diffstat (limited to 'meta-app-framework/recipes-support/libcap')
-rw-r--r-- | meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch | 87 | ||||
-rw-r--r-- | meta-app-framework/recipes-support/libcap/libcap_%.bbappend | 5 |
2 files changed, 92 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch new file mode 100644 index 000000000..fa359fa87 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap/removing-capability-enforcement.patch @@ -0,0 +1,87 @@ +From c34b2725817d4fd1fd6878bbb16617cb9e3e3a70 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh> +Date: Fri, 22 Jan 2016 16:23:59 +0100 +Subject: [PATCH] removing capability enforcement + +Signed-off-by: ronan <ronan@iot.bzh> + +Change-Id: Idb724192ceab176a611bbed45c0ebc9c8eb5dd30 +--- + progs/setcap.c | 45 +-------------------------------------------- + 1 file changed, 1 insertion(+), 44 deletions(-) + +diff --git a/progs/setcap.c b/progs/setcap.c +index 7304343..71999b6 100644 +--- a/progs/setcap.c ++++ b/progs/setcap.c +@@ -58,11 +58,9 @@ static int read_caps(int quiet, const char *filename, char *buffer) + + int main(int argc, char **argv) + { +- int tried_to_cap_setfcap = 0; + char buffer[MAXCAP+1]; + int retval, quiet=0, verify=0; + cap_t mycaps; +- cap_value_t capflag; + + if (argc < 3) { + usage(); +@@ -150,54 +148,13 @@ int main(int argc, char **argv) + printf("%s: OK\n", *argv); + } + } else { +- if (!tried_to_cap_setfcap) { +- capflag = CAP_SETFCAP; +- +- /* +- * Raise the effective CAP_SETFCAP. +- */ +- if (cap_set_flag(mycaps, CAP_EFFECTIVE, 1, &capflag, CAP_SET) +- != 0) { +- perror("unable to manipulate CAP_SETFCAP - " +- "try a newer libcap?"); +- exit(1); +- } +- if (cap_set_proc(mycaps) != 0) { +- perror("unable to set CAP_SETFCAP effective capability"); +- exit(1); +- } +- tried_to_cap_setfcap = 1; +- } + retval = cap_set_file(*++argv, cap_d); + if (retval != 0) { +- int explained = 0; + int oerrno = errno; +-#ifdef linux +- cap_value_t cap; +- cap_flag_value_t per_state; +- +- for (cap = 0; +- cap_get_flag(cap_d, cap, CAP_PERMITTED, &per_state) != -1; +- cap++) { +- cap_flag_value_t inh_state, eff_state; +- +- cap_get_flag(cap_d, cap, CAP_INHERITABLE, &inh_state); +- cap_get_flag(cap_d, cap, CAP_EFFECTIVE, &eff_state); +- if ((inh_state | per_state) != eff_state) { +- fprintf(stderr, "NOTE: Under Linux, effective file capabilities must either be empty, or\n" +- " exactly match the union of selected permitted and inheritable bits.\n"); +- explained = 1; +- break; +- } +- } +-#endif /* def linux */ +- + fprintf(stderr, + "Failed to set capabilities on file `%s' (%s)\n", + argv[0], strerror(oerrno)); +- if (!explained) { +- usage(); +- } ++ + } + } + if (cap_d) { +-- +2.6.6 + diff --git a/meta-app-framework/recipes-support/libcap/libcap_%.bbappend b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend new file mode 100644 index 000000000..fbe893501 --- /dev/null +++ b/meta-app-framework/recipes-support/libcap/libcap_%.bbappend @@ -0,0 +1,5 @@ +FILESEXTRAPATHS_append_class-native := ":${THISDIR}/${PN}" +SRC_URI_append_class-native = " file://removing-capability-enforcement.patch" +PACKAGECONFIG_class-native ?= "attr" +DEPENDS_append_class-native = " attr-native" + |