 |
Starting with Linux kernel versions 2.6.24 and up, an alternative to starting the Netprobe binary as root is already available, that is via the CAP_NET_RAW Linux capability. As root, run the command "setcap cap_net_raw+eip" against the Netprobe binary and it will bestow the privilege required by the Netprobe account to use the X-plugin, that is prevalent across Netprobe and system restart. |
 |
Take the following example, I started/instantiated my Netprobe binary using an account that is not root/privileged, jleon
Which produced the following message via the samplingStatus field in my X-services metric view
To run the setcap command and bestow the CAP_NET_RAW capability set on the Netprobe binary, ensure that your Linux OS version is 2.6.24 or above.
While the Netprobe instance is still up, I ran the setcap command against the Netprobe binary, but in doing so it did not effect change to the metrics view, it would still flash the FAILED message. To make the change effective, you MUST restart the Netprobe instance after running the setcap command.
When the privileges of netprobe is raised (e.g. via setcap/setuid), the runtime loader of Linux (ld.so) will not be able to load the libraries from the <netprobe directory>/lib64, as it will ignore RPATH and LD_LIBRARY_PATH. This is the way ld.so has been designed. In order for the libraries to be loaded, the path to the lib64 folder has to be added to the trusted paths of ld.so. This can be done by following the link below. After Netprobe restart, my X-Ping and X-Services metrics are now working;
|
Comments
0 comments
Please sign in to leave a comment.