pespin has uploaded this change for review. ( https://gerrit.osmocom.org/c/docker-playground/+/27996 ) Change subject: ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd ...................................................................... ttcn3-ggsn-test-ogs: set CAP_NET_RAW for open5gs-upfd The SO_BINDTODEVICE feature (used for VRF) requires CAP_NET_RAW. Since we run open5gs-upfd as user "osmocom", that seems to be causing some permission problems under some systems (like jenkins). Let's make sure we add the capabilitites to the binary before launching it as user "osmocom". Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b --- M open5gs-master/Dockerfile M ttcn3-ggsn-test/ogs/upfd.sh 2 files changed, 5 insertions(+), 2 deletions(-) git pull ssh://gerrit.osmocom.org:29418/docker-playground refs/changes/96/27996/1 diff --git a/open5gs-master/Dockerfile b/open5gs-master/Dockerfile index dd6cfd8..0e73559 100644 --- a/open5gs-master/Dockerfile +++ b/open5gs-master/Dockerfile @@ -12,6 +12,7 @@ sudo \ iproute2 \ iputils-ping \ + libcap2-bin \ net-tools && \ apt-get clean diff --git a/ttcn3-ggsn-test/ogs/upfd.sh b/ttcn3-ggsn-test/ogs/upfd.sh index 694df35..9089701 100755 --- a/ttcn3-ggsn-test/ogs/upfd.sh +++ b/ttcn3-ggsn-test/ogs/upfd.sh @@ -2,5 +2,7 @@ set -e set -x /data/upfd-setup.sh -#du -lha / | grep freeDiameter -su - osmocom -c "open5gs-upfd $*" +upfd_bin="$(command -v open5gs-upfd)" +# so_bindtodevice cfg requires CAP_NET_RAW: +setcap cap_net_raw+ep "$upfd_bin" +su - osmocom -c "$upfd_bin $*" -- To view, visit https://gerrit.osmocom.org/c/docker-playground/+/27996 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: docker-playground Gerrit-Branch: master Gerrit-Change-Id: I51ee6954a6c019a41cfcd50b2d99166316989d9b Gerrit-Change-Number: 27996 Gerrit-PatchSet: 1 Gerrit-Owner: pespin <pespin(a)sysmocom.de> Gerrit-MessageType: newchange