fix(packaging): add CAP_NET_ADMIN for go.d.plugin (#13507)
This commit is contained in:
parent
5b6a8ccbfb
commit
80e9a6992f
|
@ -63,6 +63,10 @@ case "$1" in
|
||||||
setcap cap_sys_admin+ep /usr/libexec/netdata/plugins.d/perf.plugin
|
setcap cap_sys_admin+ep /usr/libexec/netdata/plugins.d/perf.plugin
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f "/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then
|
||||||
|
setcap cap_net_admin+epi /usr/libexec/netdata/plugins.d/go.d.plugin
|
||||||
|
fi
|
||||||
|
|
||||||
chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network
|
chmod 4750 /usr/libexec/netdata/plugins.d/cgroup-network
|
||||||
chmod 4750 /usr/libexec/netdata/plugins.d/nfacct.plugin
|
chmod 4750 /usr/libexec/netdata/plugins.d/nfacct.plugin
|
||||||
|
|
||||||
|
|
|
@ -1443,6 +1443,9 @@ install_go() {
|
||||||
run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
|
run chown "root:${NETDATA_GROUP}" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
|
||||||
fi
|
fi
|
||||||
run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
|
run chmod 0750 "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
|
||||||
|
if command -v setcap 1>/dev/null 2>&1; then
|
||||||
|
run setcap cap_net_admin+epi "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
|
||||||
|
fi
|
||||||
rm -rf "${tmp}"
|
rm -rf "${tmp}"
|
||||||
|
|
||||||
[ -n "${GITHUB_ACTIONS}" ] && echo "::endgroup::"
|
[ -n "${GITHUB_ACTIONS}" ] && echo "::endgroup::"
|
||||||
|
|
|
@ -515,6 +515,9 @@ rm -rf "${RPM_BUILD_ROOT}"
|
||||||
# freeipmi files
|
# freeipmi files
|
||||||
%attr(4750,root,netdata) %{_libexecdir}/%{name}/plugins.d/freeipmi.plugin
|
%attr(4750,root,netdata) %{_libexecdir}/%{name}/plugins.d/freeipmi.plugin
|
||||||
|
|
||||||
|
# go.d.plugin (the capability required for wireguard module)
|
||||||
|
%caps(cap_net_admin=epi) %{_libexecdir}/%{name}/plugins.d/go.d.plugin
|
||||||
|
|
||||||
# Enforce 0644 for files and 0755 for directories
|
# Enforce 0644 for files and 0755 for directories
|
||||||
# for the netdata web directory
|
# for the netdata web directory
|
||||||
%defattr(0644,root,root,0755)
|
%defattr(0644,root,root,0755)
|
||||||
|
|
|
@ -214,6 +214,10 @@ for x in apps.plugin freeipmi.plugin ioping cgroup-network ebpf.plugin perf.plug
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ -f "usr/libexec/netdata/plugins.d/go.d.plugin" ] && command -v setcap 1>/dev/null 2>&1; then
|
||||||
|
run setcap cap_net_admin+epi "usr/libexec/netdata/plugins.d/go.d.plugin"
|
||||||
|
fi
|
||||||
|
|
||||||
# fix the fping binary
|
# fix the fping binary
|
||||||
if [ -f bin/fping ]; then
|
if [ -f bin/fping ]; then
|
||||||
run chown root:${NETDATA_GROUP} bin/fping
|
run chown root:${NETDATA_GROUP} bin/fping
|
||||||
|
|
Loading…
Reference in New Issue