I confirm; ospd-openvas needs to run as a regular user, while the openvas binary needs to run with root privileges. For reference, the following needs to be done for openvas:
Edit the sudoers file with visudo as root and add the following:
# Allow the user running ospd-openvas to launch openvas with root permissions
gvm ALL = NOPASSWD: /opt/gvm/sbin/openvas
Enable packet capture capability for the GVM regular user (where gvm is the user running GVM):
groupadd pcap
usermod -a -G pcap gvm
chgrp pcap /usr/sbin/tcpdump
chmod 750 /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
sudo setcap cap_net_raw,cap_net_admin=eip /opt/gvm/bin/wmic
sudo setcap cap_net_raw,cap_net_admin=eip /opt/gvm/bin/winexe
sudo setcap cap_net_raw,cap_net_admin=eip /opt/gvm/bin/openvas-nasl
sudo setcap cap_net_raw,cap_net_admin=eip /opt/gvm/bin/openvas-nasl-lint
sudo setcap cap_net_raw,cap_net_admin=eip /opt/gvm/bin/ospd-scanner/bin/ospd-openvas
Not sure it’s necessary to do this for all binaries though, but at least this setup works.
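To see which of the binaries listed in the post actually ended up with both capabilities, the output of `getcap` can be checked against the expected list. This is an added example, not part of the original post; the function name `missing_caps` and the sample `getcap` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit file capabilities against the list from the post.
# missing_caps reads `getcap` output on stdin; its arguments are the binaries
# expected to carry both cap_net_raw and cap_net_admin with the effective and
# permitted flags. It prints every binary that does not.
missing_caps() {
    caps_out=$(cat)
    for bin in "$@"; do
        printf '%s\n' "$caps_out" | awk -v p="$bin" '
            # Both getcap output styles are handled:
            #   older libcap: /path = cap_a,cap_b+eip
            #   newer libcap: /path cap_a,cap_b=eip
            $1 == p {
                for (i = 2; i <= NF; i++) {
                    if ($i == "=") continue
                    n = split($i, part, "[+=]")
                    # Only count clauses that set effective and permitted.
                    if (n < 2 || part[2] !~ /e/ || part[2] !~ /p/) continue
                    m = split(part[1], cap, ",")
                    for (j = 1; j <= m; j++) have[cap[j]] = 1
                }
            }
            END {
                if (!have["cap_net_raw"] || !have["cap_net_admin"]) print p
            }'
    done
}

# Constructed sample output (not captured from a real system): one line in
# each getcap style, one binary with only cap_net_raw, and winexe absent
# because getcap prints nothing for files without capabilities.
SAMPLE_GETCAP='/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
/opt/gvm/bin/openvas-nasl cap_net_admin,cap_net_raw=eip
/opt/gvm/bin/wmic cap_net_raw=ep'

# Demo on the sample; on a live host, pipe real output instead:
#   getcap /usr/sbin/tcpdump /opt/gvm/bin/wmic | missing_caps /usr/sbin/tcpdump /opt/gvm/bin/wmic
printf '%s\n' "$SAMPLE_GETCAP" | missing_caps \
    /usr/sbin/tcpdump /opt/gvm/bin/openvas-nasl \
    /opt/gvm/bin/wmic /opt/gvm/bin/winexe
```

The same function run with an empty expected list and a full `getcap -r /opt/gvm` listing is a quick way to review which binaries carry capabilities at all before deciding which of them need to.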