Hoernchen has submitted this change. ( https://gerrit.osmocom.org/c/osmo-ttcn3-hacks/+/27604 )

Change subject: tcpdump capture script: check permissions to fix running in a netns ......................................................................

tcpdump capture script: check permissions to fix running in a netns

This might be all caps (=ep), or a list of all caps.

Change-Id: I75f7af6cc67e96ffb7b002591f7f7d1da9b5a51d --- M ttcn3-tcpdump-start.sh 1 file changed, 13 insertions(+), 0 deletions(-)

Approvals: pespin: Looks good to me, but someone else must approve Hoernchen: Looks good to me, approved Jenkins Builder: Verified

diff --git a/ttcn3-tcpdump-start.sh b/ttcn3-tcpdump-start.sh index 9b7a8b5..0ce07cd 100755 --- a/ttcn3-tcpdump-start.sh +++ b/ttcn3-tcpdump-start.sh @@ -42,6 +42,19 @@ /sbin/setcap -q -v 'cap_net_admin,cap_net_raw=pie' $DUMPCAP CAP_ERR="$?" fi + + # did we implicitly inherit all those caps because we're root in a netns? + if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then + getpcaps 0 2>&1 | grep -e cap_net_admin | grep -q -e cap_net_raw + CAP_ERR="$?" + fi + + # did we implicitly inherit all those caps because we're root in a netns? + if [ -u $DUMPCAP -o "$CAP_ERR" = "1" ]; then + getpcaps 0 2>&1 | grep -q -e " =ep" # all perms + CAP_ERR="$?" + fi + if [ -u $DUMPCAP -o "$CAP_ERR" = "0" ]; then CMD="$DUMPCAP -q" else