Timeline for ping does not work on a rootless Ubuntu podman container on Fedora
Current License: CC BY-SA 4.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 14, 2022 at 20:08 | comment | added | Sascha S. | By some way described in superuser.com/a/1702188/1737591 you always have to grant the ping executable the required permissions. This is just mostly taken care of by the package or image maintainers. | |
| Oct 14, 2022 at 20:06 | history | edited | Sascha S. | CC BY-SA 4.0 |
Add example for using ping in unprivileged ubuntu container
|
| Oct 11, 2022 at 16:12 | comment | added | epokhe |
Thanks. The capability flag fixes the error. But after doing some reading, I still don't understand why it's needed for Ubuntu image, but not Alpine/Fedora. As far as I understand, CAP_NET_RAW is required to use ping via SOCK_RAW, but if net.ipv4.ping_group_range is configured correctly you can still use ping via SOCK_DGRAM. I also verified this on an Ubuntu host by removing the NET_RAW capability, I was still able to use ping. Only after removing my user from ping group range, ping stopped working. For some reason, only on an Ubuntu container, you must have NET_RAW capability.
|
|
| S Oct 10, 2022 at 15:55 | review | First answers | |||
| Oct 10, 2022 at 16:21 | |||||
| S Oct 10, 2022 at 15:55 | history | answered | Sascha S. | CC BY-SA 4.0 |