Ever since my first stumbling steps with Linux back in ‘96, I’ve been learning about UNIX. The first obvious lesson was to not use the root account. Since then I’ve been using a combination of the sudo command and suid root binaries to get the job done.

sudo make me a sandwich

For the last ten years, however, I’ve been meaning to learn about Linux capabilities(7) and thanks to a colleague of mine I now have :)

What you want is to grant capabilities per user and application. Most tutorials only tell you how to do one or the other.

First of all you need to figure out what capabilities an application requires to perform an action. Let’s use tcpdump as an example: it needs raw link access to sniff packets, so your user (you) needs to be listed in the system /etc/security/capability.conf file:

    cap_net_raw     joachim

Second, you need to set this on the application, so that when joachim wants to run tcpdump he is granted the capability. Use the inheritable flag (+ei) for this: the file then only passes on a capability the calling user already holds through capability.conf. With the permitted flag (+ep) every user who can execute the binary gets the capability, whether listed in capability.conf or not.

    $ sudo /sbin/setcap cap_net_raw+ei /usr/sbin/tcpdump

Some applications require multiple capabilities, like Qemu when you use tap networking. Update /etc/security/capability.conf:

    cap_net_raw     joachim
    cap_net_admin   joachim

Then add both capabilities to qemu, like this:

    $ sudo /sbin/setcap cap_net_raw,cap_net_admin+ei /usr/bin/qemu-system-arm
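
How the kernel combines the per-user and per-application settings at execve(), as an added example that is not from the original post. It models the transformation rule from capabilities(7) with the ambient set assumed empty, and assumes pam_cap has placed the capability.conf entries in the user's inheritable set at login; the struct and function names and the sample users are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define CAP_BIT(n) (UINT64_C(1) << (n))
#define NET_ADMIN  CAP_BIT(12) /* CAP_NET_ADMIN in <linux/capability.h> */
#define NET_RAW    CAP_BIT(13) /* CAP_NET_RAW */

struct proc_caps { uint64_t inheritable, bounding; };  /* caller before execve() */
struct file_caps { uint64_t inheritable, permitted; int effective; }; /* from setcap */

/* execve() rules from capabilities(7); the ambient set is assumed empty.
 * Returns the new effective set, or 0 with *eperm set where the kernel refuses
 * to start a file with the 'e' flag that cannot get all of F(permitted). */
static uint64_t exec_effective(struct proc_caps p, struct file_caps f, int *eperm)
{
    uint64_t permitted = (p.inheritable & f.inheritable) | (f.permitted & p.bounding);

    *eperm = f.effective && (f.permitted & ~p.bounding) != 0;
    if (*eperm || !f.effective)
        return 0;
    return permitted;
}

/* Does the program hold every capability in 'need' right after execve()? */
static int granted(struct proc_caps p, struct file_caps f, uint64_t need)
{
    int eperm;
    return (exec_effective(p, f, &eperm) & need) == need;
}

/* Constructed sample data, not taken from a real system */
static const struct proc_caps listed   = { NET_RAW, ~UINT64_C(0) }; /* in capability.conf */
static const struct proc_caps unlisted = { 0,       ~UINT64_C(0) }; /* any other user */
static const struct file_caps tcpdump_ei = { NET_RAW, 0, 1 };             /* cap_net_raw+ei */
static const struct file_caps tcpdump_ep = { 0, NET_RAW, 1 };             /* cap_net_raw+ep */
static const struct file_caps qemu_ei    = { NET_RAW | NET_ADMIN, 0, 1 }; /* both, +ei */

int main(void)
{
    printf("+ei: listed=%d unlisted=%d\n", granted(listed, tcpdump_ei, NET_RAW),
           granted(unlisted, tcpdump_ei, NET_RAW));
    printf("+ep: listed=%d unlisted=%d\n", granted(listed, tcpdump_ep, NET_RAW),
           granted(unlisted, tcpdump_ep, NET_RAW));
    printf("qemu, user only has cap_net_raw: %d\n",
           granted(listed, qemu_ei, NET_RAW | NET_ADMIN));
    return 0;
}
```

On a real system, `getcap /usr/sbin/tcpdump` shows the file flags and `capsh --print` shows the inheritable set of the current login session.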

For some odd reason, today was the day when I woke up and continued working on libICMP. It’s now almost seven years since I first adopted Tim Lawless’ public domain version, and today I picked up where I left off and started refactoring and cleaning up.

Example:

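    #include "icmp/icmp.h"

    /* Ping the host given as the first argument, or localhost by default. */
    int main(int argc, char *argv[])
    {
        char *host = "localhost";
        struct libicmp *obj;

        if (argc >= 2)
            host = argv[1];

        /* Set up the libicmp handle for the host; bail out on failure. */
        if (!(obj = icmp_open(host, 0x1337, 0)))
            return 1;

        /* Exit status 0 on success, 1 if the ping failed. */
        return icmp_ping(obj, 0, 0) == -1;
    }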

libICMP is nowhere near as fancy as liboping and is only slightly smaller with a more liberal license (ISC). The first release is however available from GitHub. Pull requests are as usual most welcome! :smiley:


This post is about my adoption, refactor, and rebranding of thttpd as Merecat.

I code for recreation as well as work. Most of the time I tinker around with my various projects simply to learn and sometimes these little projects turn into something useful for other people as well, which is great!

Recently I discovered my method to get started: refactoring, or just simple code cleanup. You see I've got this crazy idea that all simple things are correct. Although things usually tend to require a certain balance — not all things can be simplified, and not all simple things are correct.

When I recently had to migrate my personal blog, FTP, and GIT server, I set out to run everything from an old RasPi2. This put my private life in just about the same niche as my work life: embedded. On a resource-constrained platform like that, running Apache is not the best idea. So I set out to (re-)discover the web servers of my past, the late 90’s, that I had almost forgotten:

Come to think of it, they are probably one of the many reasons that I started my career in embedded in the first place!


Finally, fresh from the oven, here are the remaining two toolchains I’ve promised, based on GCC 6.1 and GLIBC 2.23. Download from the FTP:

Unpack into /usr/local, and add to your $PATH, e.g.

    export PATH=/usr/local/arm-unknown-linux-gnueabi-6.1.0-2/bin:$PATH

The toolchains are built using crosstool-NG on Ubuntu 16.04 64-bit, and are primarily intended for myself and users of TroglOS, but are generic enough to be useful for other purposes as well.

The .config for crosstool-NG can be retrieved using the $CROSS prefix followed by -ct-ng.config, e.g.:

    arm-unknown-linux-gnueabi-ct-ng.config

This revision only contains C and C++ cross-toolchains, but the next revision will likely also include Go. Enjoy! :smiley:


First GCC 6.1 based ARM (32-bit) toolchain released on my FTP. Built using crosstool-NG for Ubuntu 16.04 (x86_64) with GLIBC 2.23.

Download, unpack into /usr/local, and add to your $PATH:

    export PATH=/usr/local/arm-unknown-linux-gnueabi-6.1.0-1/bin:$PATH

There’s lots of neat stuff included, both a sysroot and a debug-root with GDB and gdbserver for target. For details on using it, see the excellent docs.

The main purpose for my building this is TroglOS, but it is useful for other purposes as well of course. To rebuild it on your system, see the included crosstool.config file and the encoded GIT hash.

Next up is a PowerPC (32-bit) and x86 (64-bit) toolchain, also with GLIBC 2.23. Then I may venture into the realm of musl libc based toolchains, possibly in the guise of CobbleOS.