With the 0.10 release, we integrated NetBird as a direct subprocess of EDGAR to allow running in a Docker Container and simplify the logic for interacting with NetBird.
Downside of this change is that we now need to also have the permissions that NetBird needs for managing interfaces and files. As such, it is currently not possible to run EDGAR without root permissions.
To resolve this, we presumably need to call setcap with the right Linux Capabilities for the right executables + ensure that all files/folders are accessible for the user that NetBird runs with (currently opendut_service).
In practice, this turned out to be more complex than expected as NetBird requires a rather broad set of permissions.
An initial attempt has been made here: a672e5a
With the 0.10 release, we integrated NetBird as a direct subprocess of EDGAR to allow running in a Docker Container and simplify the logic for interacting with NetBird.
Downside of this change is that we now need to also have the permissions that NetBird needs for managing interfaces and files. As such, it is currently not possible to run EDGAR without root permissions.
To resolve this, we presumably need to call
setcapwith the right Linux Capabilities for the right executables + ensure that all files/folders are accessible for the user that NetBird runs with (currentlyopendut_service).In practice, this turned out to be more complex than expected as NetBird requires a rather broad set of permissions.
An initial attempt has been made here: a672e5a