Hoernchen has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/27604 ) Change subject: tcpdump capture script: check permissions to fix running in a netns ...................................................................... tcpdump capture script: check permissions to fix running in a netns This might be all caps (=ep), or a list of all caps. Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d --- M ttcn3-tcpdump-start.sh 1 file changed, 13 insertions(+), 0 deletions(-) Approvals: pespin: Looks good to me, but someone else must approve Hoernchen: Looks good to me, approved Jenkins Builder: Verified diff --git a/ttcn3-tcpdump-start.sh b/ttcn3-tcpdump-start.sh index 9b7a8b5..0ce07cd 100755 --- a/ttcn3-tcpdump-start.sh +++ b/ttcn3-tcpdump-start.sh @@ -42,6 +42,19 @@ /sbin/setcap -q -v 'cap_net_admin,cap_net_raw=pie' $DUMPCAP CAP_ERR="$?" fi + + # did we implicitly inherit all those caps because we're root in a netns? + if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then + getpcaps 0 2>&1 | grep -e cap_net_admin | grep -q -e cap_net_raw + CAP_ERR="$?" + fi + + # did we implicitly inherit all those caps because we're root in a netns? + if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then + getpcaps 0 2>&1 | grep -q -e " =ep" # all perms + CAP_ERR="$?" + fi + if [ -u $DUMPCAP -o "$CAP_ERR" = "0" ]; then CMD="$DUMPCAP -q" else -- To view, visit https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/27604 To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-ttcn3-hacks Gerrit-Branch: master Gerrit-Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d Gerrit-Change-Number: 27604 Gerrit-PatchSet: 9 Gerrit-Owner: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Hoernchen <ewild(a)sysmocom.de> Gerrit-Reviewer: Jenkins Builder Gerrit-Reviewer: laforge <laforge(a)osmocom.org> Gerrit-Reviewer: pespin <pespin(a)sysmocom.de> Gerrit-MessageType: merged