Capabilities CAP_NET_ADMIN for using system call

Michael65589 · 10-21-2019, 09:29 AM

Hello,
I want to use a systemcall (ip link set can0 up) in my c-programm that have no root privileges. Therefor I set the capabilities to CAP_NET_RAW and CAP_NET_ADMIN.
But I always get a permission error message. When I set the capabilities to the ip program it works.
How can I get my program working without touching the capabilities of ip program?

Thanks

smallpond · 10-21-2019, 10:54 AM

Instead of calling the ip program, set the link up by calling the ioctl directly. On ethernet you would call the SIOCSIFFLAGS ioctl with ifr_flags = IFF_UP. Not sure on can bus.

NevemTeve · 10-21-2019, 11:29 AM

That's what sudo is good for.

Michael65589 · 10-23-2019, 02:40 AM

I solved my problem by using netlink communikation for configuration. Furthermore I set the capabilities to CAP_NET_RAW and CAP_NET_ADMIN.

So I can execute my application with user privileges.

I also tried to use a system call in my application to ip link .... and use setuid for my applicaton but without success.

I set the user and group for my application to root, then setuid and setgid. Call my application as user show a permission denied issue when the application do the system call.