From df87a538cfaba5014a752937714756b7c5d30c93 Mon Sep 17 00:00:00 2001 From: Ilya Mashchenko Date: Mon, 31 Oct 2022 16:39:20 +0200 Subject: feat(packaging): add CAP_NET_RAW to go.d.plugin (#13909) --- contrib/debian/netdata.postinst | 2 +- netdata-installer.sh | 2 +- netdata.spec.in | 2 +- packaging/makeself/install-or-update.sh | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/contrib/debian/netdata.postinst b/contrib/debian/netdata.postinst index cf6a760604..daea8cb402 100644 --- a/contrib/debian/netdata.postinst +++ b/contrib/debian/netdata.postinst @@ -64,7 +64,7 @@ case "$1" in fi if [ -f "/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then - setcap cap_net_admin+epi /usr/libexec/netdata/plugins.d/go.d.plugin + setcap "cap_net_admin+epi cap_net_raw=eip" /usr/libexec/netdata/plugins.d/go.d.plugin fi chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network diff --git a/netdata-installer.sh b/netdata-installer.sh index a466447238..94745a2951 100755 --- a/netdata-installer.sh +++ b/netdata-installer.sh @@ -1441,7 +1441,7 @@ install_go() { fi run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" if command -v setcap 1>/dev/null 2>&1; then - run setcap cap_net_admin+epi "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" + run setcap "cap_net_admin+epi cap_net_raw=eip" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" fi rm -rf "${tmp}" diff --git a/netdata.spec.in b/netdata.spec.in index a75e48ddaa..cbbe6ab736 100644 --- a/netdata.spec.in +++ b/netdata.spec.in @@ -516,7 +516,7 @@ rm -rf "${RPM_BUILD_ROOT}" %attr(4750,root,netdata) %{_libexecdir}/%{name}/plugins.d/freeipmi.plugin # go.d.plugin (the capability required for wireguard module) -%caps(cap_net_admin=epi) %{_libexecdir}/%{name}/plugins.d/go.d.plugin +%caps(cap_net_admin,cap_net_raw=eip) %{_libexecdir}/%{name}/plugins.d/go.d.plugin # Enforce 0644 for files and 0755 for directories # for the netdata web directory diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh index aef67a156d..be2b2f75f8 100755 --- a/packaging/makeself/install-or-update.sh +++ b/packaging/makeself/install-or-update.sh @@ -215,7 +215,7 @@ for x in apps.plugin freeipmi.plugin ioping cgroup-network ebpf.plugin perf.plug done if [ -f "usr/libexec/netdata/plugins.d/go.d.plugin" ] && command -v setcap 1>/dev/null 2>&1; then - run setcap cap_net_admin+epi "usr/libexec/netdata/plugins.d/go.d.plugin" + run setcap "cap_net_admin+epi cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin" fi # fix the fping binary -- cgit v1.2.3