https://bugzilla.suse.com/show_bug.cgi?id=1177499
https://bugzilla.suse.com/show_bug.cgi?id=1177499#c4
Anthony Iliopoulos changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ailiopoulos@suse.com
--- Comment #4 from Anthony Iliopoulos ---
PR_SET_NO_NEW_PRIVS works fine, but ping indeed doesn't need any special
capabilities anymore, so the test fails.

This has actually been possible for a long time, since commit c319b4d76b9e
("net: ipv4: add IPPROTO_ICMP socket kind"), but it was restricted by default
(see commit msg for details, basically /proc/sys/net/ipv4/ping_group_range
needs to allow uid ranges).

This seems to have been changed recently in TW to allow this for all users:

    /usr/lib/sysctl.d/50-default.conf:net.ipv4.ping_group_range = 0 2147483647

    rpm -qf /usr/lib/sysctl.d/50-default.conf
    aaa_base-84.87+git20200918.331aa2f-1.1.x86_64

    Wed Sep 9 06:51:29 UTC 2020 - Ludwig Nussel
    * sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets
      (bsc#1174504)
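The behaviour described in comment #4, as an added example that is not part of the bug report or of the failing test: a C check that sets no_new_privs, then tries to open an IPPROTO_ICMP datagram socket and compares the result with ping_group_range. The helper names are hypothetical; that the kernel default range is "1 0" (nobody) and that supplementary groups also count are stated from the kernel's behaviour, not from this page.

```c
/* Added example: can this process open an ICMP datagram socket with
 * no_new_privs set, and does ping_group_range explain the result? */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Parse the "low high" pair; returns 0 on success, -1 on malformed input. */
int parse_ping_group_range(const char *text, unsigned long *low, unsigned long *high)
{
    return sscanf(text, "%lu %lu", low, high) == 2 ? 0 : -1;
}

/* 1 if gid is inside the range, 0 if not (the kernel default "1 0" is an
 * empty range), -1 if unparsable. The kernel also accepts a match on any
 * supplementary group; only one gid is checked per call here. */
int gid_in_ping_range(const char *text, unsigned long gid)
{
    unsigned long low, high;
    if (parse_ping_group_range(text, &low, &high) != 0)
        return -1;
    return low <= gid && gid <= high;
}

int main(void)
{
    char buf[64] = "";
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (!f || !fgets(buf, sizeof buf, f)) {
        perror("ping_group_range");
        return 2;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
#ifdef __linux__
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
#endif
    int in_range = gid_in_ping_range(buf, (unsigned long)getegid());
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    printf("range=\"%s\" egid in range=%d, ICMP datagram socket: %s\n", buf,
           in_range, fd >= 0 ? "opened without privileges" : strerror(errno));
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : 1;
}
```

A test that relies on ping needing elevated privileges can run this check first and skip when the socket opens.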