diff options
| author | Ilya Mashchenko <ilya@netdata.cloud> | 2024-01-11 17:31:20 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-11 17:31:20 +0200 |
| commit | 1b3eb5b42fc8b5d04056c49f8b6d94668d913492 (patch) | |
| tree | 3a6248379aba0413a0b38bd91f4e62bd8da1a6aa | |
| parent | f2b250a1f53af00241522db35f8c85f19ed282e1 (diff) | |
packaging: add cap_dac_read_search to go.d.plugin (#16754)
| -rw-r--r-- | contrib/debian/netdata-plugin-go.postinst | 2 | ||||
| -rwxr-xr-x | netdata-installer.sh | 2 | ||||
| -rw-r--r-- | netdata.spec.in | 2 | ||||
| -rwxr-xr-x | packaging/makeself/install-or-update.sh | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/contrib/debian/netdata-plugin-go.postinst b/contrib/debian/netdata-plugin-go.postinst index 70d67aaa13..e8604929e0 100644 --- a/contrib/debian/netdata-plugin-go.postinst +++ b/contrib/debian/netdata-plugin-go.postinst @@ -6,7 +6,7 @@ case "$1" in configure|reconfigure) chown root:netdata /usr/libexec/netdata/plugins.d/go.d.plugin chmod 0750 /usr/libexec/netdata/plugins.d/go.d.plugin - if ! setcap "cap_net_admin=eip cap_net_raw=eip" /usr/libexec/netdata/plugins.d/go.d.plugin; then + if ! setcap "cap_dac_read_search+epi cap_net_admin=eip cap_net_raw=eip" /usr/libexec/netdata/plugins.d/go.d.plugin; then chmod -f 4750 /usr/libexec/netdata/plugins.d/go.d.plugin fi ;; diff --git a/netdata-installer.sh b/netdata-installer.sh index 5fb8cf9741..3eb61a13e5 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -1620,7 +1620,7 @@ install_go if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then if command -v setcap 1>/dev/null 2>&1; then - run setcap "cap_net_admin+epi cap_net_raw=eip" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" + run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" fi fi diff --git a/netdata.spec.in b/netdata.spec.in index e31b96f405..372a2c67b4 100644 --- a/netdata.spec.in +++ b/netdata.spec.in @@ -993,7 +993,7 @@ fi %defattr(0750,root,netdata,0750) # CAP_NET_ADMIN needed for WireGuard collector # CAP_NET_RAW needed for ping collector -%caps(cap_net_admin,cap_net_raw=eip) %{_libexecdir}/%{name}/plugins.d/%{go_name} +%caps(cap_dac_read_search,cap_net_admin,cap_net_raw=eip) %{_libexecdir}/%{name}/plugins.d/%{go_name} %defattr(0644,root,netdata,0755) %{_libdir}/%{name}/conf.d/go.d.conf %{_libdir}/%{name}/conf.d/go.d diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index 63bf706e2e..b5b46e2b61 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -190,7 +190,7 @@ if command -v setcap >/dev/null 2>&1; then run setcap "cap_sys_admin=ep" "usr/libexec/netdata/plugins.d/perf.plugin" fi - run setcap "cap_net_admin,cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" + run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" else for x in ndsudo apps.plugin perf.plugin slabinfo.plugin debugfs.plugin; do f="usr/libexec/netdata/plugins.d/${x}" |