From f29ece85cc8159c238a69596d6364fa5d1a29f10 Mon Sep 17 00:00:00 2001 From: Vivek Date: Fri, 26 Jul 2024 06:47:02 -0700 Subject: [PATCH] [sflow]: Enable linux capabilities on sflow container for kernel 6.1.94 compatibility (#19700) Starting 6.1.94, Kernel mandates the process to have SYS_ADMIN/NET_ADMIN capability to join events/packets multicast group respectively PSAMPLE used packets and DROPMON uses events Ref: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e03781879a0d https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=44ec98ea5ea9 Without this, the following error is observed and host-sflow couldn't use psample and NET_DB 2024 Jul 24 22:38:35.140784 r-tigris-04 ERR sflow#hsflowd: error joining PSAMPLE netlink group 20 : Operation not permitted 2024 Jul 24 22:38:35.849822 r-tigris-04 ERR sflow#hsflowd: error joining DROPMON netlink group 1 : Operation not permitted Signed-off-by: Vivek Reddy --- rules/docker-sflow.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/docker-sflow.mk b/rules/docker-sflow.mk index ece35f5cb8d0..cf54436a0910 100644 --- a/rules/docker-sflow.mk +++ b/rules/docker-sflow.mk @@ -30,7 +30,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SFLOW_DBG) endif $(DOCKER_SFLOW)_CONTAINER_NAME = sflow -$(DOCKER_SFLOW)_RUN_OPT += -t +$(DOCKER_SFLOW)_RUN_OPT += -t --cap-add=NET_ADMIN --cap-add=SYS_ADMIN $(DOCKER_SFLOW)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro $(DOCKER_SFLOW)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro $(DOCKER_SFLOW)_RUN_OPT += -v /host/warmboot:/var/warmboot