Bug #4565

closed

nfd: Ethernet faces are not created

Added by Junxiao Shi over 6 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Ubuntu-PPA
Start date:
Due date:
% Done: 100%
Estimated time: 1.00 h

Description

NFD 0.6.1 does not support creating Ethernet faces after dropping privileges. The nfd package should setcap on /usr/bin/nfd to enable creating Ethernet faces.


Related issues 1 (0 open, 1 closed)

Related to NFD - Bug #4647: Ethernet faces are not created after dropping privileges (Closed, Junxiao Shi)

Actions #1

Updated by Junxiao Shi over 6 years ago

  • Status changed from New to Code review
  • Assignee set to Junxiao Shi
  • Start date deleted (04/01/2018)
  • % Done changed from 0 to 100
Actions #2

Updated by Junxiao Shi over 6 years ago

  • Status changed from Code review to Closed
Actions #3

Updated by Davide Pesavento over 6 years ago

The committed solution does not work. Please reopen.

I'm getting warnings such as "pcap_activate: You don't have permission to capture on that device" and Ethernet multicast faces are not created.

If I'm reading capabilities(7) correctly, when the NFD thread changes its effective UID from 0 (root) to nonzero, all capabilities are automatically cleared. To prevent this from happening, the SECBIT_KEEP_CAPS securebits flag must be set on the process, using something like prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS).

Actions #4

Updated by Junxiao Shi over 6 years ago

> The committed solution does not work. Please reopen.

The committed solution fulfills the requirement in nfd.conf. Any remaining problem belongs to NFD codebase, not packaging.

Actions #5

Updated by Junxiao Shi over 6 years ago

  • Related to Bug #4647: Ethernet faces are not created after dropping privileges added