pespin has submitted this change. ( https://gerrit.osmocom.org/c/docker-playground/+/27996 ) Change subject: ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd ...................................................................... ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd The SO_BINDTODEVICE feature (used for VRF) requires CAP_NET_RAW. Since we run open5gs-upfd as user "osmocom", that seems to be causing some permission problems under some systems (like jenkins). Let's make sure we add the capabilitites to the binary before launching it as user "osmocom". Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b --- M open5gs-master/Dockerfile M ttcn3-ggsn-test/ogs/upfd.sh 2 files changed, 5 insertions(+), 2 deletions(-) Approvals: Jenkins Builder: Verified fixeria: Looks good to me, but someone else must approve pespin: Looks good to me, approved diff --git a/open5gs-master/Dockerfile b/open5gs-master/Dockerfile index dd6cfd8..0e73559 100644 --- a/open5gs-master/Dockerfile +++ b/open5gs-master/Dockerfile @@ -12,6 +12,7 @@ sudo \ iproute2 \ iputils-ping \ + libcap2-bin \ net-tools && \ apt-get clean diff --git a/ttcn3-ggsn-test/ogs/upfd.sh b/ttcn3-ggsn-test/ogs/upfd.sh index 694df35..9089701 100755 --- a/ttcn3-ggsn-test/ogs/upfd.sh +++ b/ttcn3-ggsn-test/ogs/upfd.sh @@ -2,5 +2,7 @@ set -e set -x /data/upfd-setup.sh -#du -lha / | grep freeDiameter -su - osmocom -c "open5gs-upfd $*" +upfd_bin="$(command -v open5gs-upfd)" +# so_bindtodevice cfg requires CAP_NET_RAW: +setcap cap_net_raw+ep "$upfd_bin" +su - osmocom -c "$upfd_bin $*" -- To view, visit https://gerrit.osmocom.org/c/docker-playground/+/27996 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: docker-playground Gerrit-Branch: master Gerrit-Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b Gerrit-Change-Number: 27996 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-MessageType: merged