Bug 2175227

Summary: rsyslog capabilities dropping breaks udpspoof
Product: Red Hat Enterprise Linux 9 Reporter: Dalibor Pospíšil <dapospis>
Component: rsyslogAssignee: Attila Lakatos <alakatos>
Status: CLOSED ERRATA QA Contact: Dalibor Pospíšil <dapospis>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: lvrabec, rsroka
Target Milestone: rcKeywords: Regression, Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2176387 (view as bug list) Environment:
Last Closed: 2023-11-07 08:33:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2176387    

Description Dalibor Pospíšil 2023-03-03 15:43:41 UTC 
Description of problem:
The udpspoof module does not work correctly since the capabilities dropping feature was introduced.

Version-Release number of selected component (if applicable):
rsyslog-8.2102.0-111.el9

How reproducible:
100%

Steps to Reproduce:
1. use linked test

Actual results:
no message delivered

Expected results:
messages delivered
Comment 2 Attila Lakatos 2023-03-06 08:21:35 UTC 
It seems like that the libnet library for the udpspoof plugin fails to initialize.
We use the libnet_init(
		    LIBNET_RAW4,                            /* injection type */
		    NULL,                                   /* network interface */
		    pWrkrData->errbuf);                     /* errbuf */
function to create the libnet environment. However, the use of RAW sockets is defined here, which means that we need the CAP_NET_RAW capability, otherwise the plugin can not be initialized. Will create a scratch to double-check my theory.
Comment 3 Attila Lakatos 2023-03-06 09:15:26 UTC 
(In reply to Attila Lakatos from comment #2)
> It seems like that the libnet library for the udpspoof plugin fails to
> initialize.
> We use the libnet_init(
> 		    LIBNET_RAW4,                            /* injection type */
> 		    NULL,                                   /* network interface */
> 		    pWrkrData->errbuf);                     /* errbuf */
> function to create the libnet environment. However, the use of RAW sockets
> is defined here, which means that we need the CAP_NET_RAW capability,
> otherwise the plugin can not be initialized. Will create a scratch to
> double-check my theory.

Scratch-build: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=2041341
It passes the test suite, because the libnet library can be successfully initialized.
Comment 20 errata-xmlrpc 2023-11-07 08:33:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rsyslog bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:6444