[sflow]: Enable linux capabilities on sflow container for kernel 6.1.94 compatibility (sonic-net#19700)

vivekrnv · mssonicbld · commit f04b7d797a39 · 2024-08-02T22:07:14.000Z
Starting 6.1.94, Kernel mandates the process to have SYS_ADMIN/NET_ADMIN capability to join events/packets multicast group respectively PSAMPLE used packets and DROPMON uses events Ref: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=e03781879a0d https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=44ec98ea5ea9 Without this, the following error is observed and host-sflow couldn't use psample and NET_DB 2024 Jul 24 22:38:35.140784 r-tigris-04 ERR sflow#hsflowd: error joining PSAMPLE netlink group 20 : Operation not permitted 2024 Jul 24 22:38:35.849822 r-tigris-04 ERR sflow#hsflowd: error joining DROPMON netlink group 1 : Operation not permitted Signed-off-by: Vivek Reddy <vkarri@nvidia.com>
diff --git a/rules/docker-sflow.mk b/rules/docker-sflow.mk
@@ -30,7 +30,7 @@ SONIC_INSTALL_DOCKER_DBG_IMAGES += $(DOCKER_SFLOW_DBG)
 endif
 
 $(DOCKER_SFLOW)_CONTAINER_NAME = sflow
-$(DOCKER_SFLOW)_RUN_OPT += -t
+$(DOCKER_SFLOW)_RUN_OPT += -t --cap-add=NET_ADMIN --cap-add=SYS_ADMIN
 $(DOCKER_SFLOW)_RUN_OPT += -v /etc/sonic:/etc/sonic:ro
 $(DOCKER_SFLOW)_RUN_OPT += -v /etc/timezone:/etc/timezone:ro 
 $(DOCKER_SFLOW)_RUN_OPT += -v /host/warmboot:/var/warmboot
