Granting a user permission to set up a qdisc using a netlink socket
I have a program that uses Libnl and tries to set up some qdiscs over a netlink socket.
How do I give a program permission to set up qdiscs?
I know I can run it with sudo, but that is not my choice.
Is there a configuration file like limits.conf to grant permissions to specific users?
After a lot of googling and looking at man pages, this seems impossible.
Qdiscs are controlled through sockets of the following type: AF_NETLINK. Qdiscs use netlink sockets to communicate with the kernel. For example, if you open a raw socket (RAW), you can grant the Linux "capability" CAP_NET_RAW to the user you want to be able to use raw sockets.
If you read the netlink online help pages, you'll see that CAP_NET_ADMIN is required for other types of operations, but if you use the "setcap" command with this capability and then try to manipulate qdiscs as that user, it doesn't appear to work.
If anyone knows of a better way, including patches for the Linux kernel, please post.
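An added example, not part of the original answer: a small C check that a program can run at startup to see whether CAP_NET_ADMIN actually reached its effective capability set, by decoding the CapEff mask in /proc/self/status. The helper names, the program name "qdisc-tool" and the two sample status snippets are constructed for illustration; bits 12 and 13 are the values of CAP_NET_ADMIN and CAP_NET_RAW in <linux/capability.h>.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_NET_ADMIN_BIT 12 /* value from <linux/capability.h> */
#define CAP_NET_RAW_BIT   13

/* Constructed samples of the relevant /proc/<pid>/status lines. */
static const char SAMPLE_PLAIN[] = "Name:\tqdisc-tool\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
static const char SAMPLE_ADMIN[] = "Name:\tqdisc-tool\nCapPrm:\t0000000000001000\nCapEff:\t0000000000001000\n";

/* Parse "<field>:\t<hex mask>" from status text. Returns 0 on success. */
static int cap_mask(const char *status, const char *field, uint64_t *out)
{
    size_t flen = strlen(field);
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, field, flen) == 0 && p[flen] == ':') {
            const char *v = p + flen + 1;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1; /* empty or malformed */
            *out = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if the capability bit is effective, 0 if not, -1 if CapEff is missing. */
static int has_effective(const char *status, int bit)
{
    uint64_t eff;
    if (cap_mask(status, "CapEff", &eff) != 0) return -1;
    return (int)((eff >> bit) & 1u);
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    printf("samples (plain, admin): %d %d\n", has_effective(SAMPLE_PLAIN, CAP_NET_ADMIN_BIT), has_effective(SAMPLE_ADMIN, CAP_NET_ADMIN_BIT));
    printf("CAP_NET_ADMIN effective: %d\n", has_effective(buf, CAP_NET_ADMIN_BIT));
    printf("CAP_NET_RAW effective:   %d\n", has_effective(buf, CAP_NET_RAW_BIT));
    return has_effective(buf, CAP_NET_ADMIN_BIT) == 1 ? 0 : 1;
}
```

The exit status is 0 only when CAP_NET_ADMIN is in the running process's effective set, so the check can gate the netlink setup code and report a missing capability before any qdisc request is sent.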