osmith has submitted this change. (
https://gerrit.osmocom.org/c/osmo-upf/+/36670?usp=email )
Change subject: contrib/systemd: AmbientCapabilities=CAP_NET_ADMIN
......................................................................
contrib/systemd: AmbientCapabilities=CAP_NET_ADMIN
Set CAP_NET_ADMIN so osmo-upf can set up GTP tunends and tunmaps even if
running as user.
Fix for:
Operation not permitted (you must be root)
netlink: Error: cache initialization failed: Operation not permitted
20240430095022378 DNFT ERROR error running nft ruleset: rc=-1 ruleset="add table
inet osmo-upf { flags owner; };\n" (upf_nft.c:79)
20240430095022378 DNFT ERROR Failed to create nft table "osmo-upf"
(upf_nft.c:111)
Fixes: OS#6444
Change-Id: I17b21ad92837ad360d667248f3f002d44251891c
---
M contrib/systemd/osmo-upf.service
1 file changed, 20 insertions(+), 0 deletions(-)
Approvals:
Jenkins Builder: Verified
fixeria: Looks good to me, but someone else must approve
pespin: Looks good to me, approved
diff --git a/contrib/systemd/osmo-upf.service b/contrib/systemd/osmo-upf.service
index 93dd84f..ccb4f4f 100644
--- a/contrib/systemd/osmo-upf.service
+++ b/contrib/systemd/osmo-upf.service
@@ -12,6 +12,7 @@
Group=osmocom
ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg
RestartSec=2
+AmbientCapabilities=CAP_NET_ADMIN
[Install]
WantedBy=multi-user.target
--
To view, visit
https://gerrit.osmocom.org/c/osmo-upf/+/36670?usp=email
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings
Gerrit-Project: osmo-upf
Gerrit-Branch: master
Gerrit-Change-Id: I17b21ad92837ad360d667248f3f002d44251891c
Gerrit-Change-Number: 36670
Gerrit-PatchSet: 2
Gerrit-Owner: osmith <osmith(a)sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy(a)sysmocom.de>
Gerrit-Reviewer: osmith <osmith(a)sysmocom.de>
Gerrit-Reviewer: pespin <pespin(a)sysmocom.de>
Gerrit-MessageType: merged