fix(packaging): add CAP_NET_ADMIN for go.d.plugin (#13507)

contrib/debian/netdata.postinst

@@ -63,6 +63,10 @@ case "$1" in
         setcap cap_sys_admin+ep /usr/libexec/netdata/plugins.d/perf.plugin
     fi
 
+    if [ -f "/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then
+      setcap cap_net_admin+epi /usr/libexec/netdata/plugins.d/go.d.plugin
+    fi
+
     chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network
     chmod 4750 /usr/libexec/netdata/plugins.d/nfacct.plugin
 

netdata-installer.sh

@@ -1443,6 +1443,9 @@ install_go() {
     run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
   fi
   run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
+  if command -v setcap 1>/dev/null 2>&1; then
+    run setcap cap_net_admin+epi "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
+  fi
   rm -rf "${tmp}"
 
   [ -n "${GITHUB_ACTIONS}" ] && echo "::endgroup::"

netdata.spec.in

@@ -515,6 +515,9 @@ rm -rf "${RPM_BUILD_ROOT}"
 # freeipmi files
 %attr(4750,root,netdata) %{_libexecdir}/%{name}/plugins.d/freeipmi.plugin
 
+# go.d.plugin (the capability required for wireguard module)
+%caps(cap_net_admin=epi) %{_libexecdir}/%{name}/plugins.d/go.d.plugin
+
 # Enforce 0644 for files and 0755 for directories
 # for the netdata web directory
 %defattr(0644,root,root,0755)

packaging/makeself/install-or-update.sh

@@ -214,6 +214,10 @@ for x in apps.plugin freeipmi.plugin ioping cgroup-network ebpf.plugin perf.plug
   fi
 done
 
+if [ -f "usr/libexec/netdata/plugins.d/go.d.plugin" ] && command -v setcap 1>/dev/null 2>&1; then
+  run setcap cap_net_admin+epi "usr/libexec/netdata/plugins.d/go.d.plugin"
+fi
+
 # fix the fping binary
 if [ -f bin/fping ]; then
   run chown root:${NETDATA_GROUP} bin/fping