Add an extra check for capabilities when executing the commands

[dastergon]

Besides the execution of the commands as a root user, you can also employ Linux capabilities and apply CAP_NET_ADMIN and CAP_NET_RAW to tc and iptables in order to use them as a regular user.

In your root check , you could implement an extra check for those two capabilities and permit the execution or else raise an Exception or print an informative error. Currently, I am unable to use tcconfig tools due to that check and I have to modify the code and run it again.

How to use capabilities

Get the capabilities of a command:

 getcap /sbin/tc

Set capabilities to a command:

setcap cap_net_raw,cap_net_admin+ep /sbin/tc 

[thombashi]

@dastergon
Thank you for your feedback.
I will fix the issue in the future release by considering Linux capabilities at permission-check.

[dastergon]

Hey @thombashi,

Is there an ETA for the new release?

Thanks

[thombashi]

@dastergon
I could not promise the exact release date, but probably within several weeks.
I had limited time for now, the modification itself would relatively small.

[thombashi]

@dastergon
Sorry to keep you waiting.
I had released tcconfig 0.18.0 that supported Linux capabilities.

[dastergon]

@thombashi thanks a lot! cheers

[thombashi]

I'll close the issue.
Feel free to reopen if you have any problem with capabilities.