Project

General

Profile

Bug #4647

Ethernet faces are not created after dropping privileges

Added by Junxiao Shi over 1 year ago. Updated 10 days ago.

Status:
New
Priority:
Normal
Category:
Faces
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
1.00 h

Description

In NFD 0.6.2 PPA package, nfd.conf drops root privilege and seteuid to "ndn" user, and the installation script executes setcap on the NFD binary.

As reported in #4565-3, this is ineffective because seteuid automatically clears all capabilities unless the SECBIT_KEEP_CAPS flag is set on the process, and Ethernet face creation fails with "pcap_activate: You don't have permission to capture on that device" error.

To fix this issue, PcapHelper should wrap pcap_activate in PrivilegeHelper::runElevated.


Related issues

Related to Packaging - Bug #4565: nfd: Ethernet faces are not createdClosed

Actions

History

#1

Updated by Junxiao Shi over 1 year ago

  • Related to Bug #4565: nfd: Ethernet faces are not created added
#2

Updated by Davide Pesavento over 1 year ago

  • Subject changed from Ethernet faces are not created after dropping privilege to Ethernet faces are not created after dropping privileges
  • Description updated (diff)
  • Assignee set to Davide Pesavento
#3

Updated by Davide Pesavento 10 days ago

  • Target version changed from v0.7 to v0.8

Also available in: Atom PDF