[Chilli] Chilli 1.2.8 stable, use of CAP_NET_ADMIN and some other things...
francesco.colista at gmail.com
Tue Dec 6 18:43:32 UTC 2011
I'm just continue about hte coredump saga since 1.2.7, and as david
mention the new version should fix.
I'm using a 3.0.10 grsec kernel with patch for SSP on uclibc, the
distro is alpine linux (www.alpinelinux.org).
Those are the flag i used in order to compile 1.2.8 version (stable)
that is running atm.
./configure --prefix=/usr \
I need a clarification about this errors:
"use of CAP_NET_ADMIN in chroot denied for
/usr/sbin/chilli[chilli:1982] uid/euid:0/0 gid/egid:0/0, parent
/usr/sb0" <--- logs are plenty of this alert.
"coova-chilli: net.c: 114: 13 (Permission denied)
ioctl(SIOCSIFFLAGS) failed" <--- also i've a lot of this entry.
Now, i notice that the ioctl error is because coova-chilli is running
as root, and would be better use a non-privileged user.
i create chilli user and group, gives the apporpriate permission on the
directory of pidfile ( /var/run/chilli).
When the daemon starts, i obtaion a permission denied when chilli
modify routing table. What can i do ? Chilli is setuid.
I read about chilli-script, but never used it. Someone can points me to
the right direction?
About the first error, i tryied to setcap cap_net_admin+ep
/usr/sbin/chilli without result. This is what is returned:
Failed to set capabilities on file `/usr/sbin/chilli' (Operation not
Last point: would be very helpful having on the wiki a better
documentation about how this flags works and how use it :)
:: Francesco ::
Jabber: francesco at jabber.org
E-Mail: francesco at bsod.eu
More information about the Chilli