Set raw socket capabilities into postinstall script for allowing users to use network device discovery within nymead

README.md

@@ -72,6 +72,15 @@ Chat with us on [Telegram](http://t.me/nymeacommunity) or [Discord](https://disc
 A detailed documentation on how to develop with *nymea* is available on the [nymea | developer documentation](https://nymea.io/documentation/developers/).
 
 
+## Network discovery
+
+When starting nymead as user without root privileges, the network device discovery will not available due to missing raw socket permission. 
+If you still want to make use of this feature, the binary capabilities need to be adjusted.
+
+    sudo setcap cap_net_admin,cap_net_raw=eip /usr/bin/nymead
+
+This will allow nymead to create raw sockets for ARP and ICMP network discovery tools even when nymead gets started as user without root privileges. 
+
 ## License
 --------------------------------------------
 > nymea is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.

debian/control

@@ -59,6 +59,7 @@ Depends: libqt5network5,
          libqt5websockets5,
          libqt5bluetooth5,
          libqt5sql5-sqlite,
+         libcap2-bin,
          logrotate,
          bluez,
          tar,

debian/nymead.postinst

@@ -2,7 +2,7 @@
 
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 #                                                                         #
-#  Copyright (C) 2015-2016 Simon Stuerz <simon.stuerz@guh.guru>           #
+#  Copyright (C) 2015 - 2021 nymea GmbH <developer@nymea.io>              #
 #                                                                         #
 #  This file is part of nymea.                                            #
 #                                                                         #
@@ -20,6 +20,15 @@
 #                                                                         #
 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
 
+# Make sure user will be able to perform a networkdiscovery
+# using ARP and ICMP sockets (raw_sock).
+setcap cap_net_admin,cap_net_raw=eip /usr/bin/nymead
+if [ $? -eq 0 ]; then
+    echo "Set raw socket network capabilities successfully for nymead."
+else
+    echo "Failed to set raw socket network capabilities for nymead. Network device discovery will not be available for non root users."
+fi
+
 # Restart the nymea daemon after update if it's running
 systemctl daemon-reload
 systemctl status nymead > /dev/null 2>&1

libnymea/network/networkdevicediscovery.cpp

@@ -44,8 +44,8 @@ NetworkDeviceDiscovery::NetworkDeviceDiscovery(QObject *parent) :
     // Create ARP socket
     m_arpSocket = new ArpSocket(this);
     connect(m_arpSocket, &ArpSocket::arpResponse, this, &NetworkDeviceDiscovery::onArpResponseRceived);
-    if (!m_arpSocket->openSocket()) {
+    bool arpAvailable = m_arpSocket->openSocket();
-        qCWarning(dcNetworkDeviceDiscovery()) << "Network discovery will not make use of ARP packages.";
+    if (!arpAvailable) {
         m_arpSocket->closeSocket();
     }
 
@@ -56,8 +56,6 @@ NetworkDeviceDiscovery::NetworkDeviceDiscovery(QObject *parent) :
 
     // Init MAC database if available
     m_macAddressDatabase = new MacAddressDatabase(this);
-    if (!m_macAddressDatabase->available())
-        qCWarning(dcNetworkDeviceDiscovery()) << "The mac address database is not available. Network discovery will not lookup mac address manufacturer";
 
     // Timer for max duration af a discovery
     m_discoveryTimer = new QTimer(this);
@@ -69,7 +67,11 @@ NetworkDeviceDiscovery::NetworkDeviceDiscovery(QObject *parent) :
         }
     });
 
+    if (!arpAvailable && !m_ping->available()) {
+        qCWarning(dcNetworkDeviceDiscovery()) << "Network device discovery is not available on this system.";
+    } else {
         qCDebug(dcNetworkDeviceDiscovery()) << "Created successfully";
+    }
 }
 
 NetworkDeviceDiscoveryReply *NetworkDeviceDiscovery::discover()