> 1. "Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability may send or listen to a netlink multicast group."

This appears not to be true, at least in the case of rtnetlink and listening to multicast notifications for link additions and removals.

https://play.golang.org/p/dn3-549-Ay

First terminal:

$ whoami
matt
$ go build
$ getcap ./nlmcast
$ ./nlmcast

Second terminal:

$ sudo ip link add type nlmon
$ sudo ip link del dev nlmon0

Back to first terminal (./nlmcast still running):

2017/02/22 16:13:46 received 1 messages
2017/02/22 16:13:50 received 1 messages

> 2. "NLM_F_ATOMIC requires the CAP_NET_ADMIN capability or an effective UID of 0."

Yep, this is documented in my package: https://godoc.org/github.com/mdlayher/netlink#HeaderFlags

I had read in some header, I think, that NLM_F_ATOMIC "may be obsolete". I haven't ever tried it. I should look into it. I'll also note this case in my post.

- Matt

On Wednesday, February 22, 2017 at 3:45:24 PM UTC-5, Steven Hartland wrote:
>
> It's required for read only in some situations too, for example we use it here to listen for process exit codes.
>
> http://man7.org/linux/man-pages/man7/netlink.7.html
> Mentions two separate cases:
> 1. "Only processes with an effective UID of 0 or the CAP_NET_ADMIN capability may send or listen to a netlink multicast group."
> 2. "NLM_F_ATOMIC requires the CAP_NET_ADMIN capability or an effective UID of 0."
>
> On 22/02/2017 18:24, Matt Layher wrote:
>
> Sure, I can make a note of this. Almost everything I've done with netlink so far has been read-only, which is probably why I haven't run into any issues.
>
> On Wednesday, February 22, 2017 at 1:13:26 PM UTC-5, Steven Hartland wrote:
>>
>> One thing you don't mention, which we found particularly frustrating with netlink, is that using it can often need cap_net_admin :(
>>
>> On 22/02/2017 17:38, Matt Layher wrote:
>>
>> Hey all,
>>
>> I recently spent some time working with Linux's netlink IPC mechanism in Go. Because I had a hard time finding accurate information about netlink, I decided to do a write-up on some of its fundamental concepts, and how I was able to make use of them from Go.
>>
>> This post focuses on how netlink sockets and messages work, and how to work with them from Go or another language of your choice.
>>
>> You can find the first portion of that write-up, focusing on netlink, here:
>>
>> https://medium.com/@mdlayher/linux-netlink-and-go-part-1-netlink-4781aaeeaca8
>>
>> I still have more to write regarding generic netlink and my high-level Go netlink and wifi packages themselves (parts 2 and 3).
>>
>> If you're just looking for some source code, check out:
>>
>> https://github.com/mdlayher/netlink
>> https://github.com/mdlayher/wifi
>>
>> Happy to address any questions or comments here. Thanks for your time!
>>
>> - Matt Layher
>> --
>> You received this message because you are subscribed to the Google Groups "golang-nuts" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
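An added example, not part of the thread and not code from the mdlayher/netlink package: a Go helper that evaluates the condition quoted from netlink(7) (effective UID of 0 or CAP_NET_ADMIN) against the text of /proc/<pid>/status, which is one way to confirm that a listener such as ./nlmcast really ran without either privilege. The function name `netlinkPrivileged` and both sample status dumps are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// capNetAdmin is the bit number of CAP_NET_ADMIN in linux/capability.h.
const capNetAdmin = 12

// netlinkPrivileged (hypothetical helper) reports whether a /proc/<pid>/status
// dump shows an effective UID of 0 or CAP_NET_ADMIN in the effective set.
func netlinkPrivileged(status string) (bool, error) {
	var euid, capEff uint64
	var haveUID, haveCap bool
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		var err error
		switch {
		case len(f) >= 3 && f[0] == "Uid:": // real, effective, saved, fs
			euid, err = strconv.ParseUint(f[2], 10, 32)
			haveUID = true
		case len(f) == 2 && f[0] == "CapEff:": // hex bitmask
			capEff, err = strconv.ParseUint(f[1], 16, 64)
			haveCap = true
		}
		if err != nil {
			return false, fmt.Errorf("parse %q: %w", sc.Text(), err)
		}
	}
	if !haveUID || !haveCap {
		return false, fmt.Errorf("status is missing Uid or CapEff")
	}
	return euid == 0 || capEff&(1<<capNetAdmin) != 0, nil
}

// Constructed samples, not captured from a real system.
const sampleUser = "Name:\tnlmcast\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
const sampleCap = "Name:\tnlmcast\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000001000\n"

func main() {
	status := sampleUser // fallback when /proc is unavailable
	if data, err := os.ReadFile("/proc/self/status"); err == nil {
		status = string(data)
	}
	fmt.Println(netlinkPrivileged(status))
}
```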
