Hoernchen has submitted this change. (
https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/27604 )
Change subject: tcpdump capture script: check permissions to fix running in a
netns
......................................................................
tcpdump capture script: check permissions to fix running in a netns
This might be all caps (=ep), or a list of all caps.
Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d
---
M ttcn3-tcpdump-start.sh
1 file changed, 13 insertions(+), 0 deletions(-)
Approvals:
pespin: Looks good to me, but someone else must approve
Hoernchen: Looks good to me, approved
Jenkins Builder: Verified
diff --git a/ttcn3-tcpdump-start.sh b/ttcn3-tcpdump-start.sh
index 9b7a8b5..0ce07cd 100755
--- a/ttcn3-tcpdump-start.sh
+++ b/ttcn3-tcpdump-start.sh
@@ -42,6 +42,19 @@
/sbin/setcap -q -v 'cap_net_admin,cap_net_raw=pie' $DUMPCAP
CAP_ERR="$?"
fi
+
+ # did we implicitly inherit all those caps because we're root in a netns?
+ if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
+ getpcaps 0 2>&1 | grep -e cap_net_admin | grep -q -e cap_net_raw
+ CAP_ERR="$?"
+ fi
+
+ # did we implicitly inherit all those caps because we're root in a netns?
+ if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then
+ getpcaps 0 2>&1 | grep -q -e " =ep" # all perms
+ CAP_ERR="$?"
+ fi
+
if [ -u $DUMPCAP -o "$CAP_ERR" = "0" ]; then
CMD="$DUMPCAP -q"
else
--
To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/27604
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-ttcn3-hacks
Gerrit-Branch: master
Gerrit-Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d
Gerrit-Change-Number: 27604
Gerrit-PatchSet: 9
Gerrit-Owner: Hoernchen <[email protected]>
Gerrit-Reviewer: Hoernchen <[email protected]>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: laforge <[email protected]>
Gerrit-Reviewer: pespin <[email protected]>
Gerrit-MessageType: merged
