Marcus Folkesson

Embedded Linux Artist

Restrictions that comes with capabilities

Restrictions that comes with capabilities I debugged an interesting problem this weekend related to which impact capabilites could have on a running process in a Linux system. I already knew that there are some security restrictions for applications that setuid/setgid or have capabilities set. One example is that LD_LIBRARY_PATH is silently ignored for an application with capabilities. You are simply not allowed to link in whatever you like for priviliged applications - which is a good thing. cover

TIL - strace and capabilites

TIL - strace and capabilities TIL, Today I Learned, is more of a "I just figured this out: here are my notes, you may find them useful too" rather than a full blog post strace [1] is a terrific tool to trace system calls and signals for a specific command. The fact that programs using the setuid bit do not have the effective user ID priviliges when being traced was something I already knew, but that the same was true to capabilites [2] was new to me.

TIL - interactive shell script

TIL - interactive shell script TIL, Today I Learned, is more of a "I just figured this out: here are my notes, you may find them useful too" rather than a full blog post I saw this line in a script: 1INTERACTIVE="" && [[ -t 0 ]] && INTERACTIVE="-it" And later on start a container: 1docker run --rm ${INTERACTIVE} -v "${PWD}":/home/br-user \ 2 --user "$(id -u)":"$(id -g)" \ 3 myproject/docker "${@}" It tests if STDIN is opened on a terminal and in that case set $INTERACTIVE to -ti to start the container with an interactive shell.

Board bring-up part 4: Wrap it up

Board bring-up part 4: Wrap it up I'm currently working with a board bring up for a custom hardware based on a OMAPL138 from Texas Instruments. It is fun to work with "real" bring-ups. Most of my customers use System On Modules (SoM:s) these days. You get a lot for free with those modules but a lot of the fun is stripped away. This post is not intended to be guide, it is more of a follow-me-through-my-work-post divided into three parts. cover

Board bring-up part 3: Other peripherals

Board bring-up part 3: Other peripherals I'm currently working with a board bring up for a custom hardware based on a OMAPL138 from Texas Instruments. It is fun to work with "real" bring-ups. Most of my customers use System On Modules (SoM:s) these days. You get a lot for free with those modules but a lot of the fun is stripped away. This post is not intended to be guide, it is more of a follow-me-through-my-work-post divided into three parts. cover

Board bring-up part 2: NAND flash

Board bring-up part 2: NAND flash I'm currently working with a board bring up for a custom hardware based on a OMAPL138 from Texas Instruments. It is fun to work with "real" bring-ups. Most of my customers use System On Modules (SoM:s) these days. You get a lot for free with those modules but a lot of the fun is stripped away. This post is not intended to be guide, it is more of a follow-me-through-my-work-post divided into three parts. cover

Board bring-up part 1: Memory hassle

Board bring-up part 1: Memory hassle I'm currently working with a board bring up for a custom hardware based on a OMAPL138 from Texas Instruments. It is fun to work with "real" bring-ups. Most of my customers use System On Modules (SoM:s) these days. You get a lot for free with those modules but a lot of the fun is stripped away. This post is not intended to be guide, it is more of a follow-me-through-my-work-post divided into three parts. cover

Forge a kitchen knife

Forge a kitchen knife Another attempt to forge a knife. The metal I use for this project is part of a feather harrow that I collected from my father farm. I cut out a ~8x4cm long piece from the springs of the feather harrow: Bosse (the dog) never leaves me, so I got him a sack to snuggle down on at the outside of the garage. I used the gas forge for the entire project. cover

--build, --host and --target explained

--build, --host and --target explained Too often I see abuse of the --host, --build and --target options during (cross-)compilation of code using autotools. The feeling is more that people try different values until it seems to produce what they want without knowing what they are actually doing. But who can blame them. What these parameters do it not obvious and very few people compile their own crosscompiler nowadays - or ever did.

Forge a knife blade from a car spring

Forge a knife blade from a car spring I helped my friend to change springs on his car, so I kept the broken spring as forging material. The carbon content of spring steel is aroundd 0.6 to 0.8% which works well for hardening - so lets forge a knife! I cut out a ~10cm long piece from the car spring. I use the induction heater to straight it out and flatten it a little. cover