Timeline for ping does not work on a rootless Ubuntu podman container on Fedora
Current License: CC BY-SA 4.0
5 events
when | what | by | license | comment | |
---|---|---|---|---|---|
Oct 14, 2022 at 20:08 | comment | added | Sascha S. | By some way described in superuser.com/a/1702188/1737591 you always have to grant the ping executable the required permissions. This is just mostly taken care of by the package or image maintainers. | |
Oct 14, 2022 at 20:06 | history | edited | Sascha S. | CC BY-SA 4.0 | Add example for using ping in unprivileged ubuntu container |
Oct 11, 2022 at 16:12 | comment | added | epokhe | Thanks. The capability flag fixes the error. But after doing some reading, I still don't understand why it's needed for Ubuntu image, but not Alpine/Fedora. As far as I understand, CAP_NET_RAW is required to use ping via SOCK_RAW, but if net.ipv4.ping_group_range is configured correctly you can still use ping via SOCK_DGRAM. I also verified this on an Ubuntu host by removing the NET_RAW capability, I was still able to use ping. Only after removing my user from ping group range, ping stopped working. For some reason, only on an Ubuntu container, you must have NET_RAW capability. | |
S Oct 10, 2022 at 15:55 | review | First answers | |||
Oct 10, 2022 at 16:21 | |||||
S Oct 10, 2022 at 15:55 | history | answered | Sascha S. | CC BY-SA 4.0 |