[MERGED] osmo-gsm-manuals[master]: OsmoGSMTester: Document how to setup main unit to set CAP_NE...

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Sun Nov 12 14:21:17 UTC 2017


Harald Welte has submitted this change and it was merged.

Change subject: OsmoGSMTester: Document how to setup main unit to set CAP_NET_RAW as non-root
......................................................................


OsmoGSMTester: Document how to setup main unit to set CAP_NET_RAW as
non-root

Change-Id: I011beaa929efcabe9a9dc4f9c7222ba36fa2aae4
---
M OsmoGSMTester/chapters/install.adoc
1 file changed, 30 insertions(+), 0 deletions(-)

Approvals:
  Neels Hofmeyr: Looks good to me, approved
  Jenkins Builder: Verified



diff --git a/OsmoGSMTester/chapters/install.adoc b/OsmoGSMTester/chapters/install.adoc
index aaf4d39..146dae1 100644
--- a/OsmoGSMTester/chapters/install.adoc
+++ b/OsmoGSMTester/chapters/install.adoc
@@ -486,6 +486,36 @@
 gpasswd -a jenkins usrp
 ----
 
+==== Allow CAP_NET_RAW capability
+
+Certain binaries require 'CAP_NET_RAW' to be set, like 'osmo-bts-octphy' as it
+uses a 'AF_PACKET' socket.
+
+To be able to set the following capability without being root, osmo-gsm-tester
+uses sudo to gain permissions to set the capability.
+
+This is the script that osmo-gsm-tester expects on the main unit:
+
+----
+echo /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh <<EOF
+#!/bin/bash
+/sbin/setcap cap_net_raw+ep $1
+EOF
+chmod +x /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh
+----
+
+Now, again on the main unit, we need to provide sudo access to this script for
+osmo-gsm-tester:
+
+----
+echo "%osmo-gsm-tester ALL=(root) NOPASSWD: /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh" > /etc/sudoers.d/osmo-gsm-tester_setcap_net_raw
+chmod 0440 /etc/sudoers.d/osmo-gsm-tester_setcap_net_raw
+----
+
+The script file name 'osmo-gsm-tester_setcap_net_raw.sh' is important, as
+osmo-gsm-tester expects to find a script with this name in '$PATH' at run time.
+
+
 ==== Log Rotation
 
 To avoid clogging up /var/log, it makes sense to choose a sane maximum log size:

-- 
To view, visit https://gerrit.osmocom.org/4662
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I011beaa929efcabe9a9dc4f9c7222ba36fa2aae4
Gerrit-PatchSet: 2
Gerrit-Project: osmo-gsm-manuals
Gerrit-Branch: master
Gerrit-Owner: Pau Espin Pedrol <pespin at sysmocom.de>
Gerrit-Reviewer: Harald Welte <laforge at gnumonks.org>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: Neels Hofmeyr <nhofmeyr at sysmocom.de>



More information about the gerrit-log mailing list