[iccpd] Interface Mac address update fails

[rajkumar38]

Description

Issue is related to privilege permissions set on docker-iccpd and introduced as part as PR #17835

2024 Jul 10 17:50:00.287714 DUT-2 NOTICE iccpd#iccpd: [update_if_ipmac_on_standby.NOTICE] Standby Change the system-id of PortChannel0022 from [00:E0:4B:6B:CF:86] to [00:E0:4B:70:A5:D6], dir 3
2024 Jul 10 17:50:00.287734 DUT-2 NOTICE iccpd#iccpd: [iccp_netlink_if_hwaddr_set.NOTICE] ifindex a0, mac 00:e0:4b:70:a5:d6, err -28
2024 Jul 10 17:50:00.287754 DUT-2 ERR iccpd#iccpd: [update_if_ipmac_on_standby.ERROR] Set PortChannel0022 mac error, ret = -28

Steps to reproduce the issue:

1. https://github.com/sonic-net/sonic-mgmt/blob/master/tests/mclag/test_mclag_l3.py:test_check_teamd_system_id
2. Try to manually set the mac of an interface from iccpd contrainer,

root@DUT-2:/home/admin# docker exec -ti iccpd bash
root@DUT-2:/# ip link set dev PortChannel0001 address 00:22:22:22:22:22
RTNETLINK answers: Operation not permitted

Describe the results you received:

Describe the results you expected:

Output of show version:

root@DUT-1:/home/admin# show version

SONiC Software Version: SONiC.202405.0-dirty-20240702.115316
SONiC OS Version: 12
Distribution: Debian 12.6
Kernel: 6.1.0-11-2-amd64
Build commit: 32b1f77bd
Build date: Tue Jul  2 14:28:11 UTC 2024
Built by: [email protected]

Platform: x86_64-marvell_db98cx8540_16cd-r0
HwSKU: db98cx8540_16cd
ASIC: marvell
ASIC Count: 1
Serial Number: NA
Model Number: NA
Hardware Revision: N/A
Uptime: 06:17:45 up 11:35,  1 user,  load average: 1.57, 1.42, 1.47
Date: Fri 12 Jul 2024 06:17:45

Docker images:
REPOSITORY                    TAG                              IMAGE ID       SIZE
docker-macsec                 latest                           6ca0a430bd74   345MB
docker-dhcp-relay             latest                           129fa233d60f   323MB
docker-syncd-mrvl             202405.0-dirty-20240702.115316   41f40f015bc3   536MB
docker-syncd-mrvl             latest                           41f40f015bc3   536MB
docker-teamd                  202405.0-dirty-20240702.115316   8f702ea92b22   342MB
docker-teamd                  latest                           8f702ea92b22   342MB
docker-sonic-mgmt-framework   202405.0-dirty-20240702.115316   3b4d6330011f   401MB
docker-sonic-mgmt-framework   latest                           3b4d6330011f   401MB
docker-snmp                   202405.0-dirty-20240702.115316   7a79c96a7710   353MB
docker-snmp                   latest                           7a79c96a7710   353MB
docker-sflow                  202405.0-dirty-20240702.115316   48263d84fb98   343MB
docker-sflow                  latest                           48263d84fb98   343MB
docker-router-advertiser      202405.0-dirty-20240702.115316   640f8cc0399c   314MB
docker-router-advertiser      latest                           640f8cc0399c   314MB
docker-platform-monitor       202405.0-dirty-20240702.115316   f3e8c17bdcaf   440MB
docker-platform-monitor       latest                           f3e8c17bdcaf   440MB
docker-orchagent              202405.0-dirty-20240702.115316   529a866f63b1   355MB
docker-orchagent              latest                           529a866f63b1   355MB
docker-nat                    202405.0-dirty-20240702.115316   df5834b2fce8   345MB
docker-nat                    latest                           df5834b2fce8   345MB
docker-mux                    202405.0-dirty-20240702.115316   27c9b7f06e3d   366MB
docker-mux                    latest                           27c9b7f06e3d   366MB
docker-lldp                   202405.0-dirty-20240702.115316   9dc751e54bdf   360MB
docker-lldp                   latest                           9dc751e54bdf   360MB
docker-iccpd                  202405.0-dirty-20240702.115316   c720c7448001   343MB
docker-iccpd                  latest                           c720c7448001   343MB
docker-sonic-gnmi             202405.0-dirty-20240702.115316   547e58338c1e   398MB
docker-sonic-gnmi             latest                           547e58338c1e   398MB
docker-fpm-frr                202405.0-dirty-20240702.115316   60f2e942322c   374MB
docker-fpm-frr                latest                           60f2e942322c   374MB
docker-eventd                 202405.0-dirty-20240702.115316   c6c86277e32e   314MB
docker-eventd                 latest                           c6c86277e32e   314MB
docker-database               202405.0-dirty-20240702.115316   0e1b0c1a964a   322MB
docker-database               latest                           0e1b0c1a964a   322MB

Output of show techsupport:

(paste your output here or download and attach the file here )

Additional information you deem important (e.g. issue happens only occasionally):

[rajkumar38]

Need to enable "--cap-add=NET_ADMIN".
Code PR #19324

[puffc]

@rajkumar38 Shall we close this issue because PR 19324 has been merged?

[rajkumar38]

@rajkumar38 Shall we close this issue because PR 19324 has been merged?

We need this fix in 202405. I don't see back port request in #19324. Can you help on this ?