pespin has submitted this change. ( https://gerrit.osmocom.org/c/docker-playground/+/27996 )
Change subject: ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd
ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd
The SO_BINDTODEVICE feature (used for VRF) requires CAP_NET_RAW. Since we run open5gs-upfd as user "osmocom", that seems to be causing some permission problems under some systems (like jenkins). Let's make sure we add the capabilities to the binary before launching it as user "osmocom".
Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b
---
M open5gs-master/Dockerfile
M ttcn3-ggsn-test/ogs/upfd.sh
2 files changed, 5 insertions(+), 2 deletions(-)

Approvals:
  Jenkins Builder: Verified
  fixeria: Looks good to me, but someone else must approve
  pespin: Looks good to me, approved
diff --git a/open5gs-master/Dockerfile b/open5gs-master/Dockerfile index dd6cfd8..0e73559 100644 --- a/open5gs-master/Dockerfile +++ b/open5gs-master/Dockerfile @@ -12,6 +12,7 @@ sudo \ iproute2 \ iputils-ping \ + libcap2-bin \ net-tools && \ apt-get clean
diff --git a/ttcn3-ggsn-test/ogs/upfd.sh b/ttcn3-ggsn-test/ogs/upfd.sh index 694df35..9089701 100755 --- a/ttcn3-ggsn-test/ogs/upfd.sh +++ b/ttcn3-ggsn-test/ogs/upfd.sh @@ -2,5 +2,7 @@ set -e set -x /data/upfd-setup.sh -#du -lha / | grep freeDiameter -su - osmocom -c "open5gs-upfd $*" +upfd_bin="$(command -v open5gs-upfd)" +# so_bindtodevice cfg requires CAP_NET_RAW: +setcap cap_net_raw+ep "$upfd_bin" +su - osmocom -c "$upfd_bin $*"
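Review bot: in the upfd.sh hunk, `setcap cap_net_raw+ep "$upfd_bin"` runs on every container start under `set -e`, so if setcap fails (it needs CAP_SETFCAP and a filesystem that stores file capabilities) the script exits before open5gs-upfd is launched, with nothing in the output saying why beyond the `set -x` trace. Since libcap2-bin is now installed in open5gs-master/Dockerfile, consider applying the capability there at build time, or print an explicit error here when setcap fails. Two smaller points on the same lines: `+ep` on the binary gives CAP_NET_RAW to any user who executes it inside the container, not only "osmocom", which is worth stating in the comment; and `su - osmocom -c "$upfd_bin $*"` flattens the path and arguments into one string, so an argument containing whitespace is re-split by the inner shell.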