From 23271dab7392bbc0d049d4bd80d4ed126cb547a8 Mon Sep 17 00:00:00 2001
From: Jan David Mol <mol@astron.nl>
Date: Thu, 17 Sep 2015 19:39:52 +0000
Subject: [PATCH] Task #8444: Give required capabilities to rtcp

---
 RTCP/Cobalt/GPUProc/src/scripts/Cobalt_install.sh    | 9 ++++-----
 SubSystems/Online_Cobalt/install/postinstall_root.sh | 8 ++++----
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/RTCP/Cobalt/GPUProc/src/scripts/Cobalt_install.sh b/RTCP/Cobalt/GPUProc/src/scripts/Cobalt_install.sh
index 6450daf819f..fa1531c76d5 100755
--- a/RTCP/Cobalt/GPUProc/src/scripts/Cobalt_install.sh
+++ b/RTCP/Cobalt/GPUProc/src/scripts/Cobalt_install.sh
@@ -49,11 +49,10 @@ for HOST in ${HOSTS:-cbm001 cbm002 cbm003 cbm004 cbm005 cbm006 cbm007 cbm008 cbm
   # cap_sys_nice: allow real-time priority for threads
   # cap_ipc_lock: allow app to lock in memory (prevent swap)
   # cap_net_raw:  allow binding sockets to NICs
-  # DISABLED: Rights are granted to lofarsys in /etc/security/capability.conf
-  #OUTPUTPROC_CAPABILITIES='cap_sys_nice,cap_ipc_lock'
-  #sudo /sbin/setcap \"${OUTPUTPROC_CAPABILITIES}\"=ep bin/outputProc || true
-  #RTCP_CAPABILITIES='cap_net_raw,cap_sys_nice,cap_ipc_lock'
-  #sudo /sbin/setcap \"${RTCP_CAPABILITIES}\"=ep bin/rtcp || true
+  OUTPUTPROC_CAPABILITIES='cap_sys_nice,cap_ipc_lock'
+  sudo /sbin/setcap \"${OUTPUTPROC_CAPABILITIES}\"=ep bin/outputProc || true
+  RTCP_CAPABILITIES='cap_net_raw,cap_sys_nice,cap_ipc_lock'
+  sudo /sbin/setcap \"${RTCP_CAPABILITIES}\"=ep bin/rtcp || true
   " || exit 1
 done
 
diff --git a/SubSystems/Online_Cobalt/install/postinstall_root.sh b/SubSystems/Online_Cobalt/install/postinstall_root.sh
index 1a95053cda9..029a8a2395e 100755
--- a/SubSystems/Online_Cobalt/install/postinstall_root.sh
+++ b/SubSystems/Online_Cobalt/install/postinstall_root.sh
@@ -7,10 +7,10 @@ echo "Giving /localhome/lofar to lofarbuild..."
 mkdir /localhome/lofar
 chown lofarbuild.lofarbuild /localhome/lofar
 
-echo "Giving capabilities to lofarsys..."
-# NOTE: the line added below needs to be inserted BEFORE 'none *'
-(echo "cap_net_raw,cap_sys_nice,cap_ipc_lock lofarsys"; grep -v lofarsys /etc/security/capability.conf) > /tmp/new-capability.conf
-mv /tmp/new-capability.conf /etc/security/capability.conf
+echo "Giving capabilities to lofarbuild..."
+addgroup --system capabilities
+usermod -a -G capabilities lofarbuild
+echo "%capabilities  ALL= NOPASSWD:/sbin/setcap" >> /etc/sudoers
 
 #
 # Casacore
-- 
GitLab