1

I am working on a project that requires using raw_sockets and raw sockets to work needs CAP_NET_RAW we used setcap and it worked fine, now the executable is on NFS, and nw setcap can’t be used is their a work around? Thanks in advance

I tried chown root and chmod u+s to increase prevelage of my executable but it didn’t work

Mostafa Ramadan
  • 11
  • 1
  • What options is this NFS mount mounted with? In other words, if you run `mount`, what options are listed in the line representing the NFS mount? – Nick ODell Dec 18 '22 at 06:09
  • 1
    Does this answer your question? [How to use Extended File Attributes on NFS?](https://stackoverflow.com/questions/24629459/how-to-use-extended-file-attributes-on-nfs) – paulsm4 Dec 18 '22 at 06:20

1 Answers1

2

Your app uses raw sockets, and raw sockets requires that the process have CAP_NET_RAW capability, correct?

https://manpages.ubuntu.com/manpages/kinetic/en/man7/packet.7.html,

In order to create a packet socket, a process must have the CAP_NET_RAW capability in the user namespace that governs its network namespace.

You've been relying on extended attributes to associate CAP_NET_RAW capability with your app's executable file, but your NFS server doesn't support this, correct?

Here's a potential workaround:

https://stackoverflow.com/a/44103544/421195

You can use fuse_xattrs (a fuse filesystem layer) to emulate extended attributes (xattrs) on NFS shares. Basically you have to do:

  1. mount the NFS share. e.g.: /mnt/shared_data

  2. mount the fuse xattr layer:

    $ fuse_xattrs /mnt/shared_data /mnt/shared_data_with_xattrs

Now all the files on /mnt/shared_data can be accessed on /mnt/shared_data_with_xattrs with xattrs support. The extended attributes will be stored on sidecar files. The extended attributes are not going to be stored on the server filesystem as extended attributes, they are going to be stored in sidecar files.

Sadly this is only a work-around.

disclaimer: I'm the author of fuse_xattrs.

fbarriga

paulsm4
  • 114,292
  • 17
  • 138
  • 190