libamxrt: fix libcap-ng issues on ext4 by enabling EXT4_FS_SECURITY

Commit 3dc4681f9b ("Integrating libamxp to master_v2.1.1") added handling of subprocess capabilities via libcap-ng, which on targets utilizing ext4 filesystem needs EXT4_FS_SECURITY kernel config symbol enabled for proper support of extended filesystem attributes via fsetxattr(): amxp_subproc_start() `-amxp_subproc_vstart() `-amxp_subproc_exec_child() `-amxp_subproc_set_capabilities() `-capng_apply_caps_fd() `-fsetxattr() open("/usr/sbin/unbound", O_RDWR|O_LARGEFILE) = 3 ... fsetxattr(3, "security.capability", "\1\0\0\2\0\0\0\0*$\0\200\0\0\0\0\0\0\0", 20, 0) = -1 EOPNOTSUPP (Not supported) This failure then leads to missing CAP_NET_BIND_SERVICE capability and thus unbound can't start: [1726337363] unbound[30984:0] error: can't bind socket: Permission denied for 0.0.0.0 port 53 [1726337363] unbound[30984:0] error: can't bind socket: Permission denied for :: port 53 [1726337363] unbound[30984:0] fatal error: could not open ports ... tr181-dns: dns - [i]Started Unbound (1 times) - (start_unbound@modunbound_main.c:455) tr181-dns: dns - [i]wait for wait:done - (start_unbound@modunbound_main.c:457) tr181-dns: dns - [x]Unbound stopped! - (unbound_stopped@modunbound_main.c:373) So lets fix it by selecting KERNEL_EXT4_FS_SECURITY config symbol if either target uses ext4 filesystem or kmod-fs-ext4 package is selected. Fixes: PPW-74 References: PCF-1411 Fixes: 3dc4681f9b ("Integrating libamxp to master_v2.1.1") Signed-off-by: Petr Štetiar <petr.stetiar@prplfoundation.org> GitOrigin-RevId: 85e0e6f92a8112ba9c3e102fc9f39341f17de3ae (cherry picked from commit 825c023cd8)
Integrating libamxa to master_v0.11.1
2026-01-01 10:00:09 +08:00 · 2024-09-18 18:48:35 +00:00 · 2024-09-18 18:48:34 +00:00
2 changed files with 6 additions and 5 deletions
--- a/libs/libamxa/Makefile
+++ b/libs/libamxa/Makefile
@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libamxa
-PKG_VERSION:=v0.11.0
+PKG_VERSION:=v0.11.1
 SHORT_DESCRIPTION:=Access control verification

-PKG_SOURCE:=libamxa-v0.11.0.tar.gz
-PKG_SOURCE_URL:=https://gitlab.com/prpl-foundation/components/ambiorix/libraries/libamxa/-/archive/v0.11.0
-PKG_HASH:=18bdeaf99a56530c7b2725cc3bced0eb92e04e54c57ae0f3aa98ac4c005588a9
-PKG_BUILD_DIR:=$(BUILD_DIR)/libamxa-v0.11.0
+PKG_SOURCE:=libamxa-v0.11.1.tar.gz
+PKG_SOURCE_URL:=https://gitlab.com/prpl-foundation/components/ambiorix/libraries/libamxa/-/archive/v0.11.1
+PKG_HASH:=c4ce80b236e2e6bef000e6c90df0b4be995e8ce689f88bbbbc1a3dcf6199d664
+PKG_BUILD_DIR:=$(BUILD_DIR)/libamxa-v0.11.1
 PKG_MAINTAINER:=Soft At Home <support.opensource@softathome.com>
 PKG_LICENSE:=BSD-2-Clause-Patent
 PKG_LICENSE_FILES:=LICENSE
--- a/libs/libamxrt/Config.in
+++ b/libs/libamxrt/Config.in
@@ -9,6 +9,7 @@ menu "Select libamxrt build options"

 config SAH_LIB_AMXRT
    bool "Build libamxrt"
+    select KERNEL_EXT4_FS_SECURITY if USES_EXT4 || PACKAGE_kmod-fs-ext4
    default y

 config SAH_AMXRT_RWDATAPATH