On Wed, Nov 14, 2012 at 5:45 AM, Doug Burks <[email protected]> wrote:
> The INSTALL file says:
>
> In order to run the toolkit as a normal user, set the following privilege
> separation after the build/installation:
> $ sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip {toolname}
>
> So I ran the following:
> sudo setcap cap_net_raw,cap_ipc_lock,cap_net_admin=eip /usr/sbin/netsniff-ng
>
> I'm then able to sniff as a non-root user using something like:
> netsniff-ng -i eth0
>
> However, if I try to write to disk using something like:
> netsniff-ng -i eth0 -o /tmp
>
> I get the following error:
> Failed to set io prio for pid!
>
> I see that there is a priority option (which I haven't enabled):
> -H|--prio-high Make this high priority process
>
> Does netsniff-ng try to change the priority by default when writing to disk?
>
> Is this is a bug, or do I need to alter my setcap command?
Thanks for reporting. Fixed as well upstream. It should have been:
$ sudo setcap cap_net_raw,cap_ipc_lock,cap_sys_admin,cap_net_admin=eip
{toolname}
... since i.e. netsniff-ng also sets the disc I/O scheduler policy.
--
