check and warn about capabilities misconfiguration

[collectd.git] / src / dns.c

diff --git a/src/dns.c b/src/dns.c
index 15fa15a..be6d0dc 100644 (file)
--- a/src/dns.c
+++ b/src/dns.c
@@ -35,6 +35,10 @@
 
 #include <pcap.h>
 
+#ifdef HAVE_SYS_CAPABILITY_H
+# include <sys/capability.h>
+#endif
+
 /*
  * Private data types
  */
@@ -347,6 +351,20 @@ static int dns_init (void)
 
        listen_thread_init = 1;
 
+#ifdef HAVE_SYS_CAPABILITY_H
+       if (check_capability (CAP_NET_RAW) != 0)
+       {
+               if (getuid () == 0)
+                       WARNING ("dns plugin: Running collectd as root, but the CAP_NET_RAW "
+                                       "capability is missing. The plugin's read function will probably "
+                                       "fail. Is your init system dropping capabilities ?");
+               else
+                       WARNING ("dns plugin: collectd doesn't have the CAP_NET_RAW capability. "
+                                       "If you don't want to run collectd as root, try running \"setcap "
+                                       "cap_net_raw=ep\" on the collectd binary.");
+       }
+#endif
+
        return (0);
 } /* int dns_init */