Task #8691: Cobalt: add cap_sys_resource to list of capabilities. Used for...

Task #8691: Cobalt: add cap_sys_resource to list of capabilities. Used for setrlimit if we don't have cap_sys_admin.

RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt

 ## Allows lofarbuild to add the listed capabilities to any single writable file for automated roll-out.
 ## Attempts to disallow adding another set of capabilities.
 ## Does not attempt to disallow adding the listed capabilities to other files, which would be trivial to bypass.
-Cmnd_Alias SETCAP_COBALT = /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock=ep *, ! /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock=ep * *
+Cmnd_Alias SETCAP_COBALT = /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_sys_resource\,cap_ipc_lock=ep *, ! /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_sys_resource\,cap_ipc_lock=ep * *
 lofarbuild ALL = (root) NOPASSWD: SETCAP_COBALT

SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh

@@ -107,9 +107,9 @@ for host in $nodelist; do
     rm -- \"$lofar_versions_root/$archive\" && \
     cd $lofar_versions_root && \
     ( [ -z \"$envmodfilename\" ] || mv $envmodfilename /etc/modulefiles/lofar/ ) && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/rtcp && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/outputProc && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/TBB_Writer && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/rtcp && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/outputProc && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/TBB_Writer && \
     sync
   " >&2 &
   status_arr2[$arr2_i]=$!