Check raw socket #41
I think an ideal way to do this would be to write a small C program to handle this specific thing, I did such a thing for Thoughts?
Could you elaborate a bit on how this might work or reference the code for arm?
arm is the anonymizing relay monitor - just to be clear - I just wrote a small C program that ran an absolute path with elevated privs - I didn't want all of python and all code under a given python to have elevated ability.
ah, so we would add something like bin/ooniprobe-privileged? And we would need a mechanism to determine what privileges are required by a test and whether or not it is running with those privileges? The latter is what this pull request is addressing - which is a separate task from isolating which commands may be run with elevated privileges.
@ioerror are you going to review this?
@ioerror, if you would like to add a feature branch for that C setuid/setcap program, that would be awesome. For now, I am going to consider this a separate issue because these patches determine if the program has/wants the ability to create raw sockets, which is what ooni-probe wants (we don't actually want all of root's privileges).
I'm approving and merging. I think that having an entirely separate program, while really cool and a great idea, is a separate issue from tests being able to determine if they need raw sockets.
If you'd rather not use OONI as root, you can setcap python. This set of commits tests experimentally for raw socket support first before asking for root.
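The experimental check described above, sketched as an added example that is not ooni-probe's own code: it tries to open a raw socket instead of testing for uid 0, so a Python binary that was given only CAP_NET_RAW through setcap passes without root. The function names, the `factory` parameter and the sample `/proc` excerpts are assumptions made for illustration.

```python
import socket

CAP_NET_RAW = 13  # Linux capability number for CAP_NET_RAW

# Constructed /proc/<pid>/status excerpts (sample data, not captured output).
SAMPLE_SETCAP = "Name:\tpython\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n"
SAMPLE_UNPRIV = "Name:\tpython\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"


def has_cap_net_raw(status_text):
    """True if the CapEff mask in /proc/<pid>/status text includes CAP_NET_RAW."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool(int(line.split()[1], 16) & (1 << CAP_NET_RAW))
    return False  # no CapEff line (non-Linux or truncated input)


def probe_raw_socket(factory=socket.socket):
    """Try to create a raw ICMP socket and report 'ok', 'denied' or 'unsupported'.

    Nothing is sent; the socket is closed immediately.
    """
    try:
        sock = factory(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except PermissionError:   # EPERM/EACCES: no root and no CAP_NET_RAW
        return "denied"
    except OSError:           # e.g. protocol or address family unavailable
        return "unsupported"
    sock.close()
    return "ok"


def needs_escalation(test_wants_raw, factory=socket.socket):
    """Only a test that wants raw sockets and is denied them should ask for more privilege."""
    return test_wants_raw and probe_raw_socket(factory) == "denied"


if __name__ == "__main__":
    print("raw socket probe:", probe_raw_socket())
    try:
        with open("/proc/self/status") as fh:
            print("CAP_NET_RAW effective:", has_cap_net_raw(fh.read()))
    except OSError:
        print("CAP_NET_RAW effective: unknown (no /proc)")
```

The `factory` argument exists only so the three outcomes can be exercised without changing the privileges of the running process.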