diff --git a/gns3server/modules/base_manager.py b/gns3server/modules/base_manager.py
index 9d2e9a4b..ae28ce2c 100644
--- a/gns3server/modules/base_manager.py
+++ b/gns3server/modules/base_manager.py
@@ -311,7 +311,7 @@ class BaseManager:
 return vm
 @staticmethod
- def _has_privileged_access(executable):
+ def has_privileged_access(executable):
 """
 Check if an executable can access Ethernet and TAP devices in RAW mode.
@@ -328,19 +328,20 @@ class BaseManager:
 if os.geteuid() == 0:
 # we are root, so we should have privileged access.
 return True
- if os.stat(executable).st_mode & stat.S_ISUID or os.stat(executable).st_mode & stat.S_ISGID:
+
+ if os.stat(executable).st_uid == 0 and (os.stat(executable).st_mode & stat.S_ISUID or os.stat(executable).st_mode & stat.S_ISGID):
 # the executable has set UID bit.
 return True
 # test if the executable has the CAP_NET_RAW capability (Linux only)
- if sys.platform.startswith("linux") and "security.capability" in os.listxattr(executable):
- try:
+ try:
+ if sys.platform.startswith("linux") and "security.capability" in os.listxattr(executable):
 caps = os.getxattr(executable, "security.capability")
 # test the 2nd byte and check if the 13th bit (CAP_NET_RAW) is set
 if struct.unpack("