Running ZeroMQ Applications – Not a Trivial Thing
I finally got ZeroMQ integrated into my application library and wrote a few test clients - one to send and the other to receive. When I tried to run them I got the following error:
$ zmqReceiver ..(startup)... (process:8444): Pgm-WARNING **: DSCP setting requires CAP_NET_ADMIN of ADMIN capability.
I seemed to remember something about this in the mailing list, but try as I might, I wasn't able to find that bloody reference again, and so I was stuck trying to figure this out from scratch.
Basically, because of the way OpenPGM runs, it essentially requires "privileged" access on the network drivers. OK, I can believe that. So how to I accomplish that? My limited google fu yields that the command setcap should do the trick, but that command is not on the CentOS 5 install I have, and yet the command execcap is.
It seems that the execcap runs the single command with the specified capabilities, so if I do:
$ sudo /usr/sbin/execcap 'cap_net_admin=eip' ./zmqReceiver
then all runs well.
Sort of.
We still run into the problem of LD_LIBRARY_PATH not being transferred, so I ended up making a simple script that set the LD_LIBRARY_PATH and then called the command and that script I put in the execcap command to get things working.
And they worked wonderfully.
Now I need to find a way to make it "stick" without running it as root.
[7/26] UPDATE: when I came in this morning, the linux server I code on had been rebooted. Odd... so I decided to check and see what the state of the CAP_NET_ADMIN capabilities was. Lo and behold... it was fixed! Seems the admin guy had to reboot the box to make the change, and made it he did. I can now launch these processes without the grief of the launch script or execcap. Sweet!