message "unable to setsocketopt(IP_TOS)" in logs

[Adam Tauno Williams]

On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
wrote:
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> lmtpunix/unix: Operation not supported 
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> notify/unix: Operation not supported 

It is likely just the configuration of your host/nodes/whatevers.

ToS is frequently disabled as it is deprecated.  ToS comes from RFC1349
which was obsoleted by RFC2474 and RFC2475.  So in many cases the
failure of the call is treated as a non-critical event.

RFC2474, which obsoletes ToS, was released in December of 1999.

Some routers might still pay attention to ToS bits, but probably not.
And many routers will rewrite your ToS to zero either way.

You can happily ignore these messages.

If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.

Capabilities are what allow you to do things like run ping as non-root.

# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.

sudo setcap  cap_net_admin+ep {application}

Note that there are potential security issues created by giving
applications capabilities.

-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383