osmith has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/36670?usp=email ) Change subject: contrib/systemd: AmbientCapabilities=CAP_NET_ADMIN ...................................................................... contrib/systemd: AmbientCapabilities=CAP_NET_ADMIN Set CAP_NET_ADMIN so osmo-upf can set up GTP tunends and tunmaps even if running as user. Fix for: Operation not permitted (you must be root) netlink: Error: cache initialization failed: Operation not permitted 20240430095022378 DNFT ERROR error running nft ruleset: rc=-1 ruleset="add table inet osmo-upf { flags owner; };\n" (upf_nft.c:79) 20240430095022378 DNFT ERROR Failed to create nft table "osmo-upf" (upf_nft.c:111) Fixes: OS#6444 Change-Id: I17b21ad92837ad360d667248f3f002d44251891c --- M contrib/systemd/osmo-upf.service 1 file changed, 21 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/70/36670/1 diff --git a/contrib/systemd/osmo-upf.service b/contrib/systemd/osmo-upf.service index 93dd84f..7e658d5 100644 --- a/contrib/systemd/osmo-upf.service +++ b/contrib/systemd/osmo-upf.service @@ -12,6 +12,8 @@ Group=osmocom ExecStart=/usr/bin/osmo-upf -c /etc/osmocom/osmo-upf.cfg RestartSec=2 +AmbientCapabilities=CAP_NET_ADMIN + [Install] WantedBy=multi-user.target -- To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/36670?usp=email To unsubscribe, or for help writing mail filters, visit https://gerrit.osmocom.org/settings Gerrit-Project: osmo-upf Gerrit-Branch: master Gerrit-Change-Id: I17b21ad92837ad360d667248f3f002d44251891c Gerrit-Change-Number: 36670 Gerrit-PatchSet: 1 Gerrit-Owner: osmith <osmith(a)sysmocom.de> Gerrit-MessageType: newchange