Open wieset opened 4 years ago
As per http://man7.org/linux/man-pages/man7/raw.7.html / https://linux.die.net/man/7/capabilities -
EDIT: can you give CAP_NET_RAW
to your executable so that you can use raw sockets without being user 0? See "File capabilities" section (esp. setcap
utility) in the linked capabilities documentation
EDIT 2: Oh - you already mentioned setcap
and that it removes LD_LIBRARY_PATH - I do not have an immediate idea then
+1 on this. I also think that libraries should be looked for in standard locations if the LD_LIBRARY_PATH env variable is not provided.
This is interesting. Thanks for posting! I'll read into it.
My use case:
Unexpectedly (for me that is), I got errors, and had to set LD_LIBRARY_PATH
manually. After setting this, it worked, but I expected the RMW library loader to look into /usr/lib
, this is where librmw_fastrtps_cpp.so
is located. So, I set LD_LIBRARY_PATH
to /usr/lib
, which feels a bit weird. It works for now though, so this is good!
This is addressed by https://github.com/ros2/rcpputils/pull/122 -- you then have to add the library directories to ldconfig, but that should be okay for most use-cases.
I already mentioned this in https://github.com/ros2/rcutils/issues/143, but thought it would warrant its own issue, as the use case might be common.
If a binary is run with capabilities set via
setcap
or with the setuid bit,LD_LIBRARY_PATH
is omitted during execution. Sincefind_library_path()
relies exclusively onLD_LIBRARY_PATH
, a ros2 node requiring root capabilities fails withIn our case, we need raw socket access in our node. Maybe introducing another environment variable like
RMW_LIBRARY_PATH
could solve this, or reading outRPATH
from the binary header. Any suggestions for a workaround in the meantime would be greatly appreciated!