pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/docker-playground/+/27996 )

Change subject: ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd ......................................................................

ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd

The SO_BINDTODEVICE feature (used for VRF) requires CAP_NET_RAW. Since we run open5gs-upfd as user "osmocom", that seems to be causing some permission problems under some systems (like jenkins). Let's make sure we add the capabilitites to the binary before launching it as user "osmocom".

Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b --- M open5gs-master/Dockerfile M ttcn3-ggsn-test/ogs/upfd.sh 2 files changed, 5 insertions(+), 2 deletions(-)

git pull ssh://gerrit.osmocom.org:29418/docker-playground refs/changes/96/27996/1

diff --git a/open5gs-master/Dockerfile b/open5gs-master/Dockerfile index dd6cfd8..0e73559 100644 --- a/open5gs-master/Dockerfile +++ b/open5gs-master/Dockerfile @@ -12,6 +12,7 @@ sudo \ iproute2 \ iputils-ping \ + libcap2-bin \ net-tools && \ apt-get clean

diff --git a/ttcn3-ggsn-test/ogs/upfd.sh b/ttcn3-ggsn-test/ogs/upfd.sh index 694df35..9089701 100755 --- a/ttcn3-ggsn-test/ogs/upfd.sh +++ b/ttcn3-ggsn-test/ogs/upfd.sh @@ -2,5 +2,7 @@ set -e set -x /data/upfd-setup.sh -#du -lha / | grep freeDiameter -su - osmocom -c "open5gs-upfd $*" +upfd_bin="$(command -v open5gs-upfd)" +# so_bindtodevice cfg requires CAP_NET_RAW: +setcap cap_net_raw+ep "$upfd_bin" +su - osmocom -c "$upfd_bin $*"