Summary:ASTERISK-06863: [patch] allow Asterisk to set high ToS bits as non-root on Linux
Reporter:Matt Addison (maddison)Labels:patch
Date Opened:2006-04-27 14:47:27Date Closed:2006-09-27 16:49:34
Versions:Frequency of
Environment:Attachments:( 0) 20060612__bug7047.diff.txt
( 1) 20060905__bug7047__2.diff.txt
( 2) 20060905__bug7047.diff.txt
( 3) asterisk.linux.posix1e200604271654.patch
Description:By default, Linux restricts the ability of non-root users to set the high ToS bits for IP precedence/DSCP. Not being able to set these bits prevents users from classifying and prioritizing VoIP traffic on some routing equipment (any Cisco GSR line card that doesn't run Engine3 for example.). With some quick changes to asterisk.c and an extra library (libcap) we can have asterisk keep the cap_net_admin capability which permits it to set the high ToS bits. Tested on Linux (debian). Should compile cleanly on other platforms, including linux without libcap (in which case the feature should auto-omit itself through #ifndefs).
Comments:By: Jeffrey C. Ollie (jcollie) 2006-04-27 14:57:50

Should probably add a note to a README somewhere that the "cap_net_admin" lets the process keep a lot more privileges than setting TOS bits:


By: Joshua C. Colp (jcolp) 2006-04-27 15:00:03

We would also need a disclaimer on record. See the main page for details on that.

By: Jeffrey C. Ollie (jcollie) 2006-04-27 15:13:55

There is a copy/paste error in the patch.  The log message after prctl is incorrect.

By: Matt Addison (maddison) 2006-04-27 15:46:36

Disclaimer filed. Working on an updated patch.

By: Matt Addison (maddison) 2006-04-27 15:57:46

Uploaded new patch (200604271654).

Fixed copy/paste error.
Perhaps the note on security related to CAP_NET_ADMIN would be better placed in docs/security.txt?

diff'd against 22990

By: Tilghman Lesher (tilghman) 2006-04-28 09:44:19

Does this patch disable those permissions for child processes?  If not, we may want to also enable CAP_SETPCAP, so those permissions can be disabled for children.

I also see a number of other capabilities that might be useful, such as CAP_DAC_READ_SEARCH, CAP_FOWNER, and CAP_SYS_NICE.

Also, what is the possibility that we can enable these capabilities without including libcap?  While libcap creates a nice interface to these capabilities, it also introduces yet another external dependency.

By: Jeffrey C. Ollie (jcollie) 2006-04-28 09:57:44

You can see in this line:

cap = cap_from_text("cap_net_admin=ep");

The 'e' stands for 'effective', 'p' stands for 'permitted'.  Missing is 'i' for 'inhertitable'.


Yes, libcap an external dependency, but it'll be there on any Linux system that has capabilities.  

We might also want to add a command-line switch to tell Asterisk to change user/group but not to change the capabilities.

By: Serge Vecher (serge-v) 2006-06-07 14:29:48

maddison: are you still working on this? Need your response to Corydon76 and jcollie's suggestions. Thanks.

By: Tilghman Lesher (tilghman) 2006-06-12 13:58:25

Patch no longer applied.  Now updated to current trunk (plus some extra changes to make it work).

By: Tilghman Lesher (tilghman) 2006-09-05 16:21:32

Updated patch to current trunk

By: Joshua C. Colp (jcolp) 2006-09-27 16:49:33

Put into trunk as of revision 43830. Thanks you two!

By: Friendly Automation (friendly-automation) 2020-04-16 10:22:16.521-0500

Change 14246 merged by Friendly Automation:
install_prereq: Add libcap for high bits in DiffServ/ToS.


By: Friendly Automation (friendly-automation) 2020-04-16 10:30:55.480-0500

Change 14215 merged by Friendly Automation:
install_prereq: Add libcap for high bits in DiffServ/ToS.


By: Friendly Automation (friendly-automation) 2020-04-16 10:33:04.403-0500

Change 14245 merged by Friendly Automation:
install_prereq: Add libcap for high bits in DiffServ/ToS.


By: Friendly Automation (friendly-automation) 2020-04-16 10:38:04.712-0500

Change 14244 merged by George Joseph:
install_prereq: Add libcap for high bits in DiffServ/ToS.