If you develop your native C/C++ application with Eclipse CDK and the need to execute the newly build application with permissions to access raw socket API, such as a tun-interface, I suggest to use Linux-capabilities. (Executing the newly build application as root/super user, can become very complex.) The Linux-capabilities allow you to execute you app with regular user permissions, but being capable to access certain privileged interfaces of Linux.
I assume that your build environment builds the binary /home/myuser/workspace/proj/bin/myapp
Next you have got to add the following lines to /etc/security/capability.conf to grant these privileges to the developer/user myuser.
If your application needs read/write access to raw network devices such as /dev/net/tun, grant these privileges by adding the following line to the file /etc/udev/rules.d/50-udev.rules (assuming myuser is member of group admin)
These take effect on next reboot. In the meantime do:
sudo chown root.admin /dev/net/tun
sudo chmod g+w /dev/net/tun
Now your application has the required permissions to execute privileged network operations. Now you have got to integrate the setcap invocation into the Makefile build process. Add the following line to your make-rule:
To avoid that sudo request the password, we add the following line to the very end of the file /etc/sudoers, replace myuser by the user-name of the developer.
You will notice that we grant access as well to /sbin/ifconfig. This will allow our application to invoke ifconfig commands from within application to create the required network interfaces.
Finally very that the capabilities are configured for the freshly built binary. And you should see the capabilities are the one you set before.
Now you are done. You should be able to execute your application with normal user permissions from within Eclipse, and invoke privileged network operations.