From be7d342afcf7b5b656a8c57d9b833b32834b539d Mon Sep 17 00:00:00 2001
From: Alexander van Amesfoort <amesfoort@astron.nl>
Date: Sat, 18 Mar 2017 00:51:12 +0000
Subject: [PATCH] Task #8691: Cobalt: add cap_sys_resource to list of
 capabilities. Used for setrlimit if we don't have cap_sys_admin.

---
 RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt | 2 +-
 SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt b/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt
index df16728cb6d..eb1dc38526c 100644
--- a/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt
+++ b/RTCP/Cobalt/OutputProc/etc/sudoers.d/setcap_cobalt
@@ -1,5 +1,5 @@
 ## Allows lofarbuild to add the listed capabilities to any single writable file for automated roll-out.
 ## Attempts to disallow adding another set of capabilities.
 ## Does not attempt to disallow adding the listed capabilities to other files, which would be trivial to bypass.
-Cmnd_Alias SETCAP_COBALT = /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock=ep *, ! /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_ipc_lock=ep * *
+Cmnd_Alias SETCAP_COBALT = /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_sys_resource\,cap_ipc_lock=ep *, ! /sbin/setcap cap_net_raw\,cap_sys_nice\,cap_sys_resource\,cap_ipc_lock=ep * *
 lofarbuild ALL = (root) NOPASSWD: SETCAP_COBALT
diff --git a/SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh b/SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh
index 0f63428bd54..e9b1e6b634e 100755
--- a/SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh
+++ b/SubSystems/Dragnet/scripts/LOFAR-Dragnet-deploy.sh
@@ -107,9 +107,9 @@ for host in $nodelist; do
     rm -- \"$lofar_versions_root/$archive\" && \
     cd $lofar_versions_root && \
     ( [ -z \"$envmodfilename\" ] || mv $envmodfilename /etc/modulefiles/lofar/ ) && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/rtcp && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/outputProc && \
-    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_ipc_lock=ep $prefix/bin/TBB_Writer && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/rtcp && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/outputProc && \
+    sudo -n /sbin/setcap cap_net_raw,cap_sys_nice,cap_sys_resource,cap_ipc_lock=ep $prefix/bin/TBB_Writer && \
     sync
   " >&2 &
   status_arr2[$arr2_i]=$!
-- 
GitLab