https://bugzilla.suse.com/show_bug.cgi?id=1177499 https://bugzilla.suse.com/show_bug.cgi?id=1177499#c4 Anthony Iliopoulos <ailiopoulos@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ailiopoulos@suse.com --- Comment #4 from Anthony Iliopoulos <ailiopoulos@suse.com> --- PR_SET_NO_NEW_PRIVS works fine, but ping indeed doesn't need any special capabilities anymore, so the test fails. This has been actually possible for a long time, since commit c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind"), but it was restricted by default (see commit msg for details, basically /proc/sys/net/ipv4/ping_group_range needs to allow uid ranges). This seems to have been changed recently in TW to allow this to all users: /usr/lib/sysctl.d/50-default.conf:net.ipv4.ping_group_range = 0 2147483647 rpm -qf /usr/lib/sysctl.d/50-default.conf aaa_base-84.87+git20200918.331aa2f-1.1.x86_64 Wed Sep 9 06:51:29 UTC 2020 - Ludwig Nussel <lnussel@suse.de> * sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets (bsc#1174504) -- You are receiving this mail because: You are the assignee for the bug.