Additional useful capabilities #234

Merged
merged 1 commit into from
Jul 11, 2022
9 changes: 7 additions & 2 deletions doc/nethogs.8
Expand Up @@ -108,13 +108,18 @@ needs the
.I cap_net_admin
and
.I cap_net_raw
capabilities. These can be set on the executable by using the
capabilities. Additionally, to display process names,
.I cap_dac_read_search
and
.I cap_sys_ptrace
capabilities are required.
These can be set on the executable by using the
.BR setcap (8)
command, as follows:
.PP
.in +4n
.EX
sudo setcap "cap_net_admin,cap_net_raw+pe" /usr/local/sbin/nethogs
sudo setcap "cap_net_admin,cap_net_raw,cap_dac_read_search,cap_sys_ptrace+pe" /usr/local/sbin/nethogs
.EE
.in
.SH "Notes"
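Review bot: The example setcap command in the .EX block now grants all four capabilities unconditionally, although the sentence just above it says cap_dac_read_search and cap_sys_ptrace are required only to display process names. File capabilities set with +pe apply to every user who can execute /usr/local/sbin/nethogs, so I would keep the two-capability command as the baseline and show the four-capability form as a second, optional variant, with a sentence on what nethogs displays when the extra two are absent. Minor wording: "capabilities are required" reads better with the article, "the cap_dac_read_search and cap_sys_ptrace capabilities are also required".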
14 changes: 8 additions & 6 deletions src/main.cpp
Expand Up @@ -215,15 +215,12 @@ int main(int argc, char **argv) {
forceExit(false, "No devices to monitor. Use '-a' to allow monitoring "
"loopback interfaces or devices that are not up/running");

if ((!tracemode) && (!DEBUG)) {
init_ui();
}

#ifndef __linux__
if (geteuid() != 0)
forceExit(false, "You need to be root to run NetHogs!");
#endif
// on Linux, we can run as non-root given the cap_net_admin and cap_net_raw capabilities
// on Linux, we can run as non-root given the cap_net_admin, cap_net_raw,
// cap_dac_read_search and cap_sys_ptrace capabilities

// use the Self-Pipe trick to interrupt the select() in the main loop
self_pipe = create_self_pipe();
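Review bot: The rewritten comment after the #endif lists cap_dac_read_search and cap_sys_ptrace alongside cap_net_admin and cap_net_raw as if all four were needed to run as non-root, while the man page change in this same PR says the last two are required only to display process names. Suggest keeping that distinction in the comment, for example "cap_net_admin and cap_net_raw to capture; cap_dac_read_search and cap_sys_ptrace to show process names", so a later reader does not treat the broader pair as mandatory.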
Expand Down Expand Up @@ -291,7 +288,8 @@ int main(int argc, char **argv) {
if (nb_devices == nb_failed_devices) {
if (geteuid() != 0)
fprintf(stderr, "To run nethogs without being root, you need to enable "
"capabilities on the program (cap_net_admin, cap_new_raw). "
"capabilities on the program (cap_net_admin, cap_net_raw, "
"cap_dac_read_search, cap_sys_ptrace). "
"See the documentation for details.\n");
forceExit(false, "Error opening pcap handlers for all devices.\n");
}
Expand All @@ -300,6 +298,10 @@ int main(int argc, char **argv) {

struct dpargs *userdata = (dpargs *)malloc(sizeof(struct dpargs));

if ((!tracemode) && (!DEBUG)) {
init_ui();
}

// Main loop:
int refresh_count = 0;
while (1) {
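Review bot: init_ui() now runs after the pcap handlers are opened and after the malloc for userdata, but nothing at the new call site says why the order matters. Add a one-line comment stating the reason (for example, that the stderr diagnostics and forceExit paths above should run before the UI takes over the terminal, if that is the intent) so a later cleanup does not move the call back. While here, the result of malloc(sizeof(struct dpargs)) in the context line above is not checked for NULL in the visible lines.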