Bug #4565
Closed
nfd: Ethernet faces are not created
100%
Description
NFD 0.6.1 does not support creating Ethernet faces after dropping privileges. The nfd package should setcap on /usr/bin/nfd to enable creating Ethernet faces.
Updated by Junxiao Shi over 6 years ago
- Status changed from New to Code review
- Assignee set to Junxiao Shi
- Start date deleted (04/01/2018)
- % Done changed from 0 to 100
Updated by Junxiao Shi over 6 years ago
- Status changed from Code review to Closed
Updated by Davide Pesavento over 6 years ago
The committed solution does not work. Please reopen.
I'm getting warnings such as "pcap_activate: You don't have permission to capture on that device" and Ethernet multicast faces are not created.
If I'm reading capabilities(7) correctly, when the NFD thread changes its effective UID from 0 (root) to nonzero, all capabilities are automatically cleared. To prevent this from happening, the SECBIT_KEEP_CAPS securebits flag must be set on the process, using something like prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS).
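Added example, not NFD's code and not part of any comment in this thread: a C check that decodes the capability masks in /proc/<pid>/status to confirm whether a process still holds a capability after a privilege drop, together with a hypothetical drop helper that uses prctl(PR_SET_KEEPCAPS), the prctl(2) operation equivalent to the SECBIT_KEEP_CAPS flag. That CAP_NET_RAW and CAP_NET_ADMIN are the capabilities Ethernet capture needs is an assumption, and the function names are illustrative.

```c
#define _GNU_SOURCE
#include <ctype.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

enum { NET_ADMIN_BIT = 12, NET_RAW_BIT = 13 }; /* from linux/capability.h */

/* Returns 1 if `field` (e.g. "CapEff") in /proc/<pid>/status text has bit
 * `cap` set, 0 if it is clear, -1 if the field is missing or malformed. */
int status_has_cap(const char *status, const char *field, int cap)
{
    size_t n = strlen(field);
    if (cap < 0 || cap > 63) return -1;
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':') {
            const char *v = p + n + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;
            return (int)((strtoull(v, NULL, 16) >> cap) & 1);
        }
        if ((p = strchr(p, '\n'))) p++;
    }
    return -1;
}

/* Hypothetical helper: drop from root to uid/gid with keep-caps set. */
int drop_privileges_keep_caps(uid_t uid, gid_t gid)
{
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1;
    /* Permitted set kept; effective set still cleared: re-raise via capset(2). */
    return 0;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    printf("net_raw permitted=%d effective=%d\n",
           status_has_cap(buf, "CapPrm", NET_RAW_BIT),
           status_has_cap(buf, "CapEff", NET_RAW_BIT));
    return 0;
}
```

Running the same check against /proc/<pid>/status of the daemon after it has switched UID shows whether the capability is missing from the permitted set, the effective set, or both.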
Updated by Junxiao Shi over 6 years ago
> The committed solution does not work. Please reopen.
The committed solution fulfills the requirement in nfd.conf. Any remaining problem belongs to NFD codebase, not packaging.
Updated by Junxiao Shi over 6 years ago
- Related to Bug #4647: Ethernet faces are not created after dropping privileges added