changing capabilities via setcap prevents local library path for loading linked libraries
I'm trying to install Splunk on Lucid, using libcap2-bin tools to give splunkd access to open ports 443 and 514, without requiring root privileges.
This Splunk page [1] indicates that it could be possible, but does not show that anyone was successful in achieving this.
I read the man page, and this page [2] to find a way to make it work.
I used the kernel module 'capable_probe' from here [3] to determine that /opt/splunk/
When I modify splunkd to have the correct permissions, splunkd hangs and fails to start, because it cannot find the pcre libraries in /opt/splunk/lib. If I remove the setcap permissions, splunkd starts just fine.
How can I get splunkd to recognize its local linked libraries?
$ sudo setcap 'cap_net_
$ sudo modprobe capable_probe
WARNING: All config files need .conf: /etc/modprobe.
$ jobs
[1]+ Running tail -f /var/log/messages &
$ sudo /etc/init.d/splunk restart
Jul 27 11:34:20 sea-splunk01 kernel: [67237.770215] cr_capable: asking for capability 197718528 for bash
Jul 27 11:34:20 sea-splunk01 kernel: [67237.770226] cr_capable: asking for capability 197720832 for bash
Jul 27 11:34:20 sea-splunk01 kernel: [67237.770229] cr_capable: asking for capability 197720832 for bash
Restarting Splunk...
splunkweb is not running.
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
Jul 27 11:34:22 sea-splunk01 kernel: [67239.956315] cr_capable: asking for capability 194287232 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.956324] cr_capable: asking for capability 194281856 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.956329] cr_capable: asking for capability 194284928 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.956352] cr_capable: asking for capability 260497088 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.957948] cr_capable: asking for capability 260490752 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.957968] cr_capable: asking for capability 305859968 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.957974] cr_capable: asking for capability 305857280 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.957987] cr_capable: asking for capability 305863808 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.958825] cr_capable: asking for capability 305859392 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.958830] cr_capable: asking for capability 305856896 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.960462] cr_capable: asking for capability 206681152 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.960470] cr_capable: asking for capability 206677888 for sudo
Jul 27 11:34:22 sea-splunk01 kernel: [67239.964484] cr_capable: asking for capability 263122112 for su
Jul 27 11:34:22 sea-splunk01 kernel: [67239.964578] cr_capable: asking for capability 283436736 for su
Jul 27 11:34:22 sea-splunk01 kernel: [67239.964805] cr_capable: asking for capability 283435584 for su
.
Stopping splunk helpers...
Done.
Splunk> The IT Search Engine.
Checking prerequisites...
Checking http port [443]: open
Checking mgmt port [8089]: open
Checking configuration... Done.
Checking index directory... Done.
Checking databases...
Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, summary
All preliminary checks passed.
splunkd: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory
[1] http://
[2] http://
[3] http://
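The symptom above matches the dynamic loader's secure-execution mode: when a non-root user runs a binary that carries file capabilities, ld.so ignores LD_LIBRARY_PATH and searches only an embedded DT_RPATH/DT_RUNPATH, ld.so.cache and the default directories. The script below is an added example, not part of the original post, that classifies a binary from the text of `getcap FILE` and `readelf -d FILE`. It assumes the private library directory is normally found through LD_LIBRARY_PATH; the path /opt/example, the function names and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are the text printed by
# `getcap FILE` and `readelf -d FILE`; the samples below are constructed.

# True when the getcap output names at least one file capability.
has_file_caps() {
    printf '%s\n' "$1" | grep -Eq 'cap_[a-z_]+'
}

# Print the first DT_RPATH/DT_RUNPATH value found in readelf -d output.
embedded_path() {
    printf '%s\n' "$1" |
        sed -n 's/.*(R\(UN\)\{0,1\}PATH).*\[\(.*\)]/\2/p' | head -n 1
}

# Classify how the dynamic loader will search for private libraries.
diagnose() {
    path=$(embedded_path "$2")
    if ! has_file_caps "$1"; then
        echo "normal"                  # LD_LIBRARY_PATH is honoured
    elif [ -z "$path" ]; then
        echo "secure-no-path"          # only ld.so.cache and default dirs
    else
        case $path in
            *ORIGIN*) echo "secure-origin-path" ;;    # $ORIGIN is restricted
            *)        echo "secure-abs-path:$path" ;; # absolute path is used
        esac
    fi
}

# Constructed samples for a hypothetical /opt/example/bin/daemon.
CAPS_SET='/opt/example/bin/daemon = cap_net_bind_service+ep'
DYN_PLAIN=' 0x0000000000000001 (NEEDED)  Shared library: [libpcre.so.0]'
DYN_RUNPATH="$DYN_PLAIN
 0x000000000000001d (RUNPATH) Library runpath: [/opt/example/lib]"
DYN_ORIGIN="$DYN_PLAIN
 0x000000000000000f (RPATH)   Library rpath: [\$ORIGIN/../lib]"

diagnose ''          "$DYN_PLAIN"
diagnose "$CAPS_SET" "$DYN_PLAIN"
diagnose "$CAPS_SET" "$DYN_RUNPATH"
diagnose "$CAPS_SET" "$DYN_ORIGIN"
```

A `secure-no-path` result is the case where the library directory has to be registered with the loader (for example a file under /etc/ld.so.conf.d followed by `ldconfig`) instead of being passed in the environment.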
Question information
- Language: English
- Status: Answered
- For: Ubuntu libcap2
- Assignee: No assignee