fix(packaging): add CAP_NET_ADMIN for go.d.plugin (#13507)

author: Ilya Mashchenko <ilya@netdata.cloud> 2022-08-11 18:57:35 +0300
committer: netdatabot <bot@netdata.cloud> 2022-08-15 07:29:32 -0400
commit: db748a5020aa080e629691ccbc3bf231fed40456 (patch)
tree: 38f13fdae2b89c49871095c178d4bab014c16391
parent: 3d7fb90d524466985672c077ad538f22a7c50a2b (diff)
4 files changed, 14 insertions, 0 deletions
diff --git a/contrib/debian/netdata.postinst b/contrib/debian/netdata.postinst
index 12b1d97b74..cf6a760604 100644
--- a/contrib/debian/netdata.postinst
+++ b/contrib/debian/netdata.postinst
@@ -63,6 +63,10 @@ case "$1" in
         setcap cap_sys_admin+ep /usr/libexec/netdata/plugins.d/perf.plugin
     fi
 
+    if [ -f "/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then
+      setcap cap_net_admin+epi /usr/libexec/netdata/plugins.d/go.d.plugin
+    fi
+
     chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network
     chmod 4750 /usr/libexec/netdata/plugins.d/nfacct.plugin
 
diff --git a/netdata-installer.sh b/netdata-installer.sh
index f6f4fd520a..941cf13f39 100755
--- a/netdata-installer.sh
+++ b/netdata-installer.sh
@@ -1443,6 +1443,9 @@ install_go() {
     run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
   fi
   run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
+  if command -v setcap 1>/dev/null 2>&1; then
+    run setcap cap_net_admin+epi "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
+  fi
   rm -rf "${tmp}"
 
   [ -n "${GITHUB_ACTIONS}" ] && echo "::endgroup::"
diff --git a/netdata.spec.in b/netdata.spec.in
index 756a9d3d72..a75e48ddaa 100644
--- a/netdata.spec.in
+++ b/netdata.spec.in
@@ -515,6 +515,9 @@ rm -rf "${RPM_BUILD_ROOT}"
 # freeipmi files
 %attr(4750,root,netdata) %{_libexecdir}/%{name}/plugins.d/freeipmi.plugin
 
+# go.d.plugin (the capability required for wireguard module)
+%caps(cap_net_admin=epi) %{_libexecdir}/%{name}/plugins.d/go.d.plugin
+
 # Enforce 0644 for files and 0755 for directories
 # for the netdata web directory
 %defattr(0644,root,root,0755)
diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh
index 15b073febd..aef67a156d 100755
--- a/packaging/makeself/install-or-update.sh
+++ b/packaging/makeself/install-or-update.sh
@@ -214,6 +214,10 @@ for x in apps.plugin freeipmi.plugin ioping cgroup-network ebpf.plugin perf.plug
   fi
 done
 
+if [ -f "usr/libexec/netdata/plugins.d/go.d.plugin" ] && command -v setcap 1>/dev/null 2>&1; then
+  run setcap cap_net_admin+epi "usr/libexec/netdata/plugins.d/go.d.plugin"
+fi
+
 # fix the fping binary
 if [ -f bin/fping ]; then
   run chown root:${NETDATA_GROUP} bin/fping
author	Ilya Mashchenko <ilya@netdata.cloud>	2022-08-11 18:57:35 +0300
committer	netdatabot <bot@netdata.cloud>	2022-08-15 07:29:32 -0400
commit	db748a5020aa080e629691ccbc3bf231fed40456 (patch)
tree	38f13fdae2b89c49871095c178d4bab014c16391
parent	3d7fb90d524466985672c077ad538f22a7c50a2b (diff)