pespin has uploaded this change for review.

View Change

ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd

The SO_BINDTODEVICE feature (used for VRF) requires CAP_NET_RAW. Since
we run open5gs-upfd as user "osmocom", that seems to be causing some
permission problems under some systems (like jenkins). Let's make sure
we add the capabilitites to the binary before launching it as user
"osmocom".

Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b
---
M open5gs-master/Dockerfile
M ttcn3-ggsn-test/ogs/upfd.sh
2 files changed, 5 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/docker-playground refs/changes/96/27996/1
diff --git a/open5gs-master/Dockerfile b/open5gs-master/Dockerfile
index dd6cfd8..0e73559 100644
--- a/open5gs-master/Dockerfile
+++ b/open5gs-master/Dockerfile
@@ -12,6 +12,7 @@
         sudo \
         iproute2 \
         iputils-ping \
+        libcap2-bin \
         net-tools && \
     apt-get clean
 
diff --git a/ttcn3-ggsn-test/ogs/upfd.sh b/ttcn3-ggsn-test/ogs/upfd.sh
index 694df35..9089701 100755
--- a/ttcn3-ggsn-test/ogs/upfd.sh
+++ b/ttcn3-ggsn-test/ogs/upfd.sh
@@ -2,5 +2,7 @@
 set -e
 set -x
 /data/upfd-setup.sh
-#du -lha / | grep freeDiameter
-su - osmocom -c "open5gs-upfd $*"
+upfd_bin="$(command -v open5gs-upfd)"
+# so_bindtodevice cfg requires CAP_NET_RAW:
+setcap cap_net_raw+ep "$upfd_bin"
+su - osmocom -c "$upfd_bin $*"

To view, visit change 27996. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: docker-playground
Gerrit-Branch: master
Gerrit-Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b
Gerrit-Change-Number: 27996
Gerrit-PatchSet: 1
Gerrit-Owner: pespin <pespin@sysmocom.de>
Gerrit-MessageType: newchange