Re: Ping as regular user not allowed (CentOS Stream 8)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund <toralf.lund@xxxxxxx> wrote:

Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get

$ ping www.centos.org
ping: socket: Operation not permitted

Does anyone else see this? It it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure
which would be the most appropriate for CentOS...

Thanks.

- Toralf

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos


Folks interested in this issue can watch this bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2037807

We're waiting for systemd-239-55.el8 sources to show up after which we
will build this and publish to CentOS Stream. Right now this appears
to be an infrastructure issue and the appropriate folks are working on
that, but we also want this package to pass the proper checks before
we build.

I am doing a compose with this version of systemd in it right now. Should be released later today.
_______________________________________________

OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.

I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.

This  version of systemd should be available in a couple hours on mirror.centos.org.


OK .. to fix this issue until we get a build that fixes it:

Edit /usr/lib/sysctl.d/50-default.conf

take out the minus sign (-) in this line:

-net.ipv4.ping_group_range = 0 2147483647



Is this "minus" a typo? I guess ...

While yum update i get:

Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory

I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.

It is the only option in that file with a dash.



OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages.  See this bug for details:

https://bugzilla.redhat.com/show_bug.cgi?id=2037807

So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.

Or live with suod/root only for ping

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux