Hi Miroslav

Thanks for the hint. I'll try setting the uds_address other than /var/run.

Regards, Chris

-----Original Message-----
From: Miroslav Lichvar [mailto:mlich...@redhat.com] 
Sent: Montag, 6. August 2018 10:15
To: Christian Leeb <christian.l...@ch.abb.com>
Cc: linuxptp-users@lists.sourceforge.net
Subject: Re: [Linuxptp-users] Capabilities for ptp4l



On Sun, Aug 05, 2018 at 07:50:36PM +0000, Christian Leeb wrote:
> sudo setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SYS_TIME=ep /usr/bin/ptp4l
>
> ptp4l[17319.158]: uds: bind failed: Permission denied
>
> Is there any capability I can set to allow binding to a UDS socket?

I think binding a Unix domain socket needs the same permissions as creating a 
normal file. If the user doesn't have write permissions on /var/run, the 
process would need CAP_DAC_OVERRIDE. Of course, with that capability it's 
almost the same as root setuid.

A much better approach would be to add an option for dropping root privileges 
to ptp4l. Start with root, open all PHCs, bind sockets, etc., and then drop the 
privileges, keeping only the SYS_TIME and maybe the BIND_SERVICE capabilities.

--
Miroslav Lichvar
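A sketch of the privilege-dropping approach described above, as an added example that is not ptp4l's own code: the UDS is bound under /var/run while still root, then the process switches to an unprivileged uid and keeps only CAP_SYS_TIME and CAP_NET_BIND_SERVICE. The socket path, the uid/gid 65534 and the use of raw capset(2) instead of libcap are assumptions; it has to be started as root on Linux.

```c
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <unistd.h>

/* Capabilities a PTP daemon still needs once its sockets are bound:
 * CAP_SYS_TIME to adjust the clock and, optionally, CAP_NET_BIND_SERVICE
 * in case a port below 1024 must be rebound. Both are below bit 32. */
unsigned int retained_caps(int keep_bind_service)
{
    unsigned int mask = 1u << CAP_SYS_TIME;
    if (keep_bind_service)
        mask |= 1u << CAP_NET_BIND_SERVICE;
    return mask;
}

/* Switch from root to uid/gid, keeping only the capabilities in `mask`.
 * Raw capset(2) is used so no libcap is needed. Returns 0, or -1 with errno. */
int drop_privileges(uid_t uid, gid_t gid, unsigned int mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    /* Without KEEPCAPS, leaving uid 0 would empty the permitted set too. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0)
        return -1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    /* setuid() cleared the effective set; shrink permitted to `mask` and
     * re-enable it. Inheritable stays empty so exec'd children get nothing. */
    data[0].effective = data[0].permitted = mask;
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

/* Order matters: bind the UDS (and open the PHCs) while still root, then drop. */
int main(void)
{
    /* Constructed path; ptp4l takes the real one from its uds_address option. */
    struct sockaddr_un sa = { .sun_family = AF_UNIX, .sun_path = "/var/run/example-ptp" };
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    unlink(sa.sun_path);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { perror("bind"); return 1; }
    if (drop_privileges(65534, 65534, retained_caps(1)) < 0) { perror("drop"); return 1; }
    return 0;
}
```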

_______________________________________________
Linuxptp-users mailing list
Linuxptp-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-users
