Skip to content

feat: add --net-admin option to install script #9953

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 3, 2023
Merged

feat: add --net-admin option to install script #9953

merged 1 commit into from
Oct 3, 2023

Conversation

coadler
Copy link
Contributor

@coadler coadler commented Sep 29, 2023

This allows the install script to add CAP_NET_ADMIN to the installed
binary with user consent. Combined with adding CAP_NET_ADMIN to the
agent binary, we see an increase of >50% in networking speeds.

@coadler
Copy link
Contributor Author

coadler commented Sep 29, 2023

Current dependencies on/for this PR:

This comment was auto-generated by Graphite.

@coadler coadler force-pushed the colin/featadd--net-adminoptiontoinstallscript branch from 59e3aee to fcf3ea2 Compare September 29, 2023 19:34
kylecarbs
kylecarbs reviewed Sep 29, 2023
View reviewed changes
Copy link
Member

@kylecarbs kylecarbs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we try to passively do this automatically? And then this would force failure instead?

@ammario Graphite App
Copy link
Member

ammario commented Sep 29, 2023

Agree with kyle. If we could do this optimistically in the agent and avoid additional configuration that would be awesome. We could apply a similar optimistic approach to niceness. (cc @sreya)

@coadler
Copy link
Contributor Author

coadler commented Sep 29, 2023

@kylecarbs @ammario Ideally yes, but I'd really like to learn all of the edge cases by having this opt-in for a bit. I'm using this as more of a feature flag for us to test and share with some customers. Once tested I'll make this automatic.

@coadler
Copy link
Contributor Author

coadler commented Sep 29, 2023
edited
Loading

For example, in Docker you can successfully add the capability to a binary. But if your container doesn't have the capability, the binary will always fail to run. There's also some security considerations when enabling this.

@coadler coadler requested a review from kylecarbs September 29, 2023 21:00
@coadler coadler force-pushed the colin/featadd--net-adminoptiontoinstallscript branch from fcf3ea2 to 9eb5a0e Compare September 29, 2023 21:03
@ammario
Copy link
Member

ammario commented Sep 30, 2023

👍🏽

@coadler
feat: add --net-admin option to install script
653cceb 
This allows the install script to add `CAP_NET_ADMIN` to the installed
binary with user consent. Combined with adding `CAP_NET_ADMIN` to the
agent binary, we see an increase of >50% in networking speeds.
@coadler coadler force-pushed the colin/featadd--net-adminoptiontoinstallscript branch from 9eb5a0e to 653cceb Compare October 3, 2023 22:56
@coadler coadler enabled auto-merge (squash) October 3, 2023 22:56
@coadler coadler merged commit 4ab5276 into main Oct 3, 2023
@coadler coadler deleted the colin/featadd--net-adminoptiontoinstallscript branch October 3, 2023 23:01
@github-actions github-actions bot locked and limited conversation to collaborators Oct 3, 2023
@coadler
Copy link
Contributor Author

coadler commented Oct 3, 2023
edited
Loading

Updates #9881

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kylecarbs kylecarbs kylecarbs approved these changes

Assignees

@coadler coadler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@coadler @ammario @kylecarbs