Description of problem:
The suricata IDS system wants to change uid while retaining the CAP_NET_RAW capability. Libnet errors out saying that uid 0 is required. Checking for uid 0 is just a simple way of testing for capabilities. It should check the capability rather than uid.

Version-Release number of selected component (if applicable):
1.1.4-3
Created attachment 412165: patch attempting to fix the problem

This patch necessitates adding "BuildRequires: libcap-ng-devel" and putting "autoreconf -fv --install" before configure.
I've forwarded the patch to upstream. If upstream accepts the patch, I'll apply it for Fedora.
Steve, upstream told me: "There's an alternate fix for this on the head, simply not checking, and erroring out if we can't open the socket. Can you check that works for you?" -> http://github.com/sam-github/libnet

Is upstream's solution solving the issue for you? And if not, why exactly?

I did not test the new code, but I reviewed this patch: http://github.com/sam-github/libnet/commit/671742244c20804c9e935326e3649dac3382f17a

It appears to solve the problem. I suppose pushing that into rawhide would be helpful. Thanks.
Package: libnet-1.1.4-4.fc14 Tag: dist-f14 Status: complete Built by: robert
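
The three checks discussed in this thread, side by side, as an added example that is neither the attached patch nor upstream libnet code: the uid 0 test, a test of the CAP_NET_RAW bit in the effective capability mask, and the "don't check, just try the socket" approach. All function names are hypothetical, the capability mask is read from the Linux `/proc/self/status` file rather than through libcap-ng, and bit 13 is CAP_NET_RAW as defined in `<linux/capability.h>`.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* Hypothetical helper: find the "CapEff:" hex mask in /proc/<pid>/status
 * text and test one bit. Returns 1/0, or -1 if the field is absent. */
int capeff_has(const char *status_text, int bit)
{
    const char *p = strstr(status_text, "CapEff:");
    if (!p)
        return -1;
    unsigned long long mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((mask >> bit) & 1ULL);
}

/* The check the report objects to: uid 0 as a stand-in for privilege. */
int uid_check_allows(unsigned int euid) { return euid == 0; }

/* No pre-check: attempt the raw socket and report the kernel's answer. */
int try_raw_socket(char *err, size_t errlen)
{
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if (fd < 0) {
        snprintf(err, errlen, "socket(SOCK_RAW): %s", strerror(errno));
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    char buf[4096], err[128] = {0};
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("euid=%u uid_check=%d cap_net_raw=%d\n", (unsigned)geteuid(),
           uid_check_allows(geteuid()), capeff_has(buf, CAP_NET_RAW_BIT));
    puts(try_raw_socket(err, sizeof err) < 0 ? err : "raw socket opened");
    return 0;
}
```

A process that has dropped to an unprivileged uid but kept CAP_NET_RAW fails the uid test while passing the other two, which is the case the report describes.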