From 1b3eb5b42fc8b5d04056c49f8b6d94668d913492 Mon Sep 17 00:00:00 2001
From: Ilya Mashchenko <ilya@netdata.cloud>
Date: Thu, 11 Jan 2024 17:31:20 +0200
Subject: [PATCH] packaging: add cap_dac_read_search to go.d.plugin (#16754)

---
 contrib/debian/netdata-plugin-go.postinst | 2 +-
 netdata-installer.sh                      | 2 +-
 netdata.spec.in                           | 2 +-
 packaging/makeself/install-or-update.sh   | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/contrib/debian/netdata-plugin-go.postinst b/contrib/debian/netdata-plugin-go.postinst
index 70d67aaa13..e8604929e0 100644
--- a/contrib/debian/netdata-plugin-go.postinst
+++ b/contrib/debian/netdata-plugin-go.postinst
@@ -6,7 +6,7 @@ case "$1" in
   configure|reconfigure)
     chown root:netdata /usr/libexec/netdata/plugins.d/go.d.plugin
     chmod 0750 /usr/libexec/netdata/plugins.d/go.d.plugin
-    if ! setcap "cap_net_admin=eip cap_net_raw=eip" /usr/libexec/netdata/plugins.d/go.d.plugin; then
+    if ! setcap "cap_dac_read_search+epi cap_net_admin=eip cap_net_raw=eip" /usr/libexec/netdata/plugins.d/go.d.plugin; then
         chmod -f 4750 /usr/libexec/netdata/plugins.d/go.d.plugin
     fi
     ;;
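Review bot: `cap_dac_read_search` in the effective set lets go.d.plugin bypass read permission checks on every file and search checks on every directory, a much wider grant than the two network capabilities already here, and neither this hunk nor the commit message says which collector needs it. Because the binary is `0750 root:netdata`, any user in the netdata group picks the capability up simply by executing the plugin, so it is worth confirming that a narrower grant (group or ACL read access on the specific paths) would not do. If the capability stays, keep the clause syntax uniform with the existing ones, e.g. `setcap "cap_dac_read_search,cap_net_admin,cap_net_raw=eip"`, and add a comment above the call such as `# CAP_DAC_READ_SEARCH needed for <collector name>`. The same applies to the setcap lines in netdata-installer.sh and packaging/makeself/install-or-update.sh; the enclosing `case` starts outside this hunk.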
diff --git a/netdata-installer.sh b/netdata-installer.sh
index 5fb8cf9741..3eb61a13e5 100755
--- a/netdata-installer.sh
+++ b/netdata-installer.sh
@@ -1620,7 +1620,7 @@ install_go
 
 if [ -f "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin" ]; then
   if command -v setcap 1>/dev/null 2>&1; then
-    run setcap "cap_net_admin+epi cap_net_raw=eip" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
+    run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "${NETDATA_PREFIX}/usr/libexec/netdata/plugins.d/go.d.plugin"
   fi
 fi
 
diff --git a/netdata.spec.in b/netdata.spec.in
index e31b96f405..372a2c67b4 100644
--- a/netdata.spec.in
+++ b/netdata.spec.in
@@ -993,7 +993,7 @@ fi
 %defattr(0750,root,netdata,0750)
 # CAP_NET_ADMIN needed for WireGuard collector
 # CAP_NET_RAW needed for ping collector
-%caps(cap_net_admin,cap_net_raw=eip) %{_libexecdir}/%{name}/plugins.d/%{go_name}
+%caps(cap_dac_read_search,cap_net_admin,cap_net_raw=eip) %{_libexecdir}/%{name}/plugins.d/%{go_name}
 %defattr(0644,root,netdata,0755)
 %{_libdir}/%{name}/conf.d/go.d.conf
 %{_libdir}/%{name}/conf.d/go.d
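Review bot: The two comment lines above `%caps` record why CAP_NET_ADMIN and CAP_NET_RAW are granted, but the new capability gets no matching line, so a later packager cannot tell whether it is still required. Add a third comment in the same style, `# CAP_DAC_READ_SEARCH needed for <collector name>`, naming the collector and, if practical, the files it has to read. The `%files` section this belongs to starts outside the hunk.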
diff --git a/packaging/makeself/install-or-update.sh b/packaging/makeself/install-or-update.sh
index 63bf706e2e..b5b46e2b61 100755
--- a/packaging/makeself/install-or-update.sh
+++ b/packaging/makeself/install-or-update.sh
@@ -190,7 +190,7 @@ if command -v setcap >/dev/null 2>&1; then
         run setcap "cap_sys_admin=ep" "usr/libexec/netdata/plugins.d/perf.plugin"
     fi
 
-    run setcap "cap_net_admin,cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin"
+    run setcap "cap_dac_read_search+epi cap_net_admin+epi cap_net_raw=eip" "usr/libexec/netdata/plugins.d/go.d.plugin"
 else
   for x in ndsudo apps.plugin perf.plugin slabinfo.plugin debugfs.plugin; do
     f="usr/libexec/netdata/plugins.d/${x}"
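Review bot: On hosts without `setcap` the `else` branch walks a list (`ndsudo apps.plugin perf.plugin slabinfo.plugin debugfs.plugin`) that does not include go.d.plugin, so the collector this capability is added for will presumably run without it there and fail on permission errors with no hint from the installer. If leaving go.d.plugin out of that fallback is deliberate, say so with a comment in the `else` branch, e.g. `# go.d.plugin is deliberately left unprivileged when setcap is unavailable`. The loop body is outside this hunk, so what the fallback does to the listed plugins is not visible here.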