Test deploying ooni as a non-root user
Test ooni deployment without root. You'll need a system that supports capability bits CAP_NET_RAW and CAP_NET_ADMIN.
These instructions are for using tcpdump as non root. We may need to set the capabilities on the actual python interpreter. If you're using a virtualenv, there should be a python binary inside $YOURVIRTUALENV/bin/
Instructions for tcpdump. Modify as necessary.
sudo setcap cap_net_raw,cap_net_admin=eip /usr/bin/tcpdump
groupadd pcap
usermod -a -G pcap ooni
chgrp pcap /usr/sbin/tcpdump
Also, verify that these settings persist through a reboot.