Review at https://gerrit.osmocom.org/4662
OsmoGSMTester: Document how to setup main unit to set CAP_NET_RAW as non-root Change-Id: I011beaa929efcabe9a9dc4f9c7222ba36fa2aae4 --- M OsmoGSMTester/chapters/install.adoc 1 file changed, 30 insertions(+), 0 deletions(-) git pull ssh://gerrit.osmocom.org:29418/osmo-gsm-manuals refs/changes/62/4662/1 diff --git a/OsmoGSMTester/chapters/install.adoc b/OsmoGSMTester/chapters/install.adoc index aaf4d39..146dae1 100644 --- a/OsmoGSMTester/chapters/install.adoc +++ b/OsmoGSMTester/chapters/install.adoc @@ -486,6 +486,36 @@ gpasswd -a jenkins usrp ---- +==== Allow CAP_NET_RAW capability + +Certain binaries require 'CAP_NET_RAW' to be set, like 'osmo-bts-octphy' as it +uses a 'AF_PACKET' socket. + +To be able to set the following capability without being root, osmo-gsm-tester +uses sudo to gain permissions to set the capability. + +This is the script that osmo-gsm-tester expects on the main unit: + +---- +echo /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh <<EOF +#!/bin/bash +/sbin/setcap cap_net_raw+ep $1 +EOF +chmod +x /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh +---- + +Now, again on the main unit, we need to provide sudo access to this script for +osmo-gsm-tester: + +---- +echo "%osmo-gsm-tester ALL=(root) NOPASSWD: /usr/local/bin/osmo-gsm-tester_setcap_net_raw.sh" > /etc/sudoers.d/osmo-gsm-tester_setcap_net_raw +chmod 0440 /etc/sudoers.d/osmo-gsm-tester_setcap_net_raw +---- + +The script file name 'osmo-gsm-tester_setcap_net_raw.sh' is important, as +osmo-gsm-tester expects to find a script with this name in '$PATH' at run time. + + ==== Log Rotation To avoid clogging up /var/log, it makes sense to choose a sane maximum log size: -- To view, visit https://gerrit.osmocom.org/4662 To unsubscribe, visit https://gerrit.osmocom.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I011beaa929efcabe9a9dc4f9c7222ba36fa2aae4 Gerrit-PatchSet: 1 Gerrit-Project: osmo-gsm-manuals Gerrit-Branch: master Gerrit-Owner: Pau Espin Pedrol <pes...@sysmocom.de>