Bug #4565
closed
nfd: Ethernet faces are not created
Added by Junxiao Shi over 6 years ago.
Updated over 6 years ago.
Description
NFD 0.6.1 does not support creating Ethernet faces after dropping privileges. The nfd package should setcap on /usr/bin/nfd to enable creating Ethernet faces.
- Status changed from New to Code review
- Assignee set to Junxiao Shi
- Start date deleted (04/01/2018)
- % Done changed from 0 to 100
- Status changed from Code review to Closed
The committed solution does not work. Please reopen.
I'm getting warnings such as "pcap_activate: You don't have permission to capture on that device" and Ethernet multicast faces are not created.
If I'm reading capabilities(7) correctly, when the NFD thread changes its effective UID from 0 (root) to nonzero, all capabilities are automatically cleared. To prevent this from happening, the SECBIT_KEEP_CAPS securebits flag must be set on the process, using something like prctl(PR_SET_SECUREBITS, SECBIT_KEEP_CAPS).
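The capabilities(7) behaviour raised in the comment above, as an added example that is not part of the original thread and not NFD's own code. It assumes Linux, uses the PR_SET_KEEPCAPS prctl to set the keep-caps flag, and takes 65534 as a hypothetical unprivileged UID/GID; the function names are illustrative.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define NET_RAW_BIT (1u << CAP_NET_RAW) /* capability 13, held in word 0 */

/* 1 if CAP_NET_RAW is in the effective set, 0 if not, -1 if capget fails. */
int has_effective_net_raw(void) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    return (d[0].effective & NET_RAW_BIT) != 0;
}

/* Switch from root to uid/gid and keep only CAP_NET_RAW.
 * 0 = capability kept, 2 = environment refused the switch, 3 = capability lost. */
static int drop_keep_net_raw(uid_t uid, gid_t gid) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2] = {{0}};
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return 2;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return 2;
    /* Keep-caps preserved the permitted set only; the effective set was still
     * cleared by the UID change, so shrink permitted and re-raise effective. */
    d[0].permitted = d[0].effective = NET_RAW_BIT;
    if (syscall(SYS_capset, &h, d) != 0) return 3;
    return has_effective_net_raw() == 1 ? 0 : 3;
}

/* Run the drop in a forked child so the caller's credentials are untouched.
 * 1 = skipped because the caller is not root or lacks CAP_NET_RAW. */
int demo_drop(uid_t uid, gid_t gid) {
    int st;
    if (geteuid() != 0 || has_effective_net_raw() != 1) return 1;
    pid_t p = fork();
    if (p < 0) return 2;
    if (p == 0) _exit(drop_keep_net_raw(uid, gid));
    if (waitpid(p, &st, 0) < 0 || !WIFEXITED(st)) return 2;
    return WEXITSTATUS(st);
}

int main(void) {
    printf("demo_drop result: %d\n", demo_drop(65534, 65534)); /* assumed UID/GID */
    return 0;
}
```

Without the `prctl` call the `capset` step fails after `setuid`, because the permitted set is emptied along with the effective set.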
The committed solution does not work. Please reopen.
The committed solution fulfills the requirement in nfd.conf. Any remaining problem belongs to the NFD codebase, not packaging.
- Related to Bug #4647: Ethernet faces are not created after dropping privileges added