Anthony Iliopoulos changed bug 1177499
What    Removed    Added
CC                 ailiopoulos@suse.com

Comment # 4 on bug 1177499 from
PR_SET_NO_NEW_PRIVS works fine, but ping indeed doesn't need any special
capabilities anymore, so the test fails.

This has actually been possible for a long time, since commit c319b4d76b9e
("net: ipv4: add IPPROTO_ICMP socket kind"), but it was restricted by default
(see commit msg for details, basically /proc/sys/net/ipv4/ping_group_range
needs to allow uid ranges).

This seems to have been changed recently in TW to allow this for all users:

/usr/lib/sysctl.d/50-default.conf:net.ipv4.ping_group_range = 0 2147483647 

rpm -qf /usr/lib/sysctl.d/50-default.conf            
aaa_base-84.87+git20200918.331aa2f-1.1.x86_64

Wed Sep  9 06:51:29 UTC 2020 - Ludwig Nussel <lnussel@suse.de>
* sysctl.d/50-default.conf: allow everybody to create IPPROTO_ICMP sockets
(bsc#1174504)
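
The check described in the comment above, as an added example (not part of the original comment or of the test under discussion): it reads net.ipv4.ping_group_range, tests whether a gid falls inside it, and tries to open an IPPROTO_ICMP datagram socket after setting PR_SET_NO_NEW_PRIVS. The function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/prctl.h>
#include <sys/socket.h>

/* Parse a ping_group_range value ("low high", space or tab separated). */
int parse_ping_group_range(const char *s, unsigned long *low, unsigned long *high)
{
    return sscanf(s, "%lu %lu", low, high) == 2 ? 0 : -1;
}

/* 1 if gid lies in the inclusive range. The kernel default "1 0" is an
 * empty range, so it matches nobody. Only one gid is tested here; the
 * kernel also accepts a match on any supplementary group. */
int gid_allowed(const char *range, unsigned long gid)
{
    unsigned long low, high;
    if (parse_ping_group_range(range, &low, &high) != 0)
        return 0;
    return low <= gid && gid <= high;
}

/* Set no_new_privs, then open an unprivileged ICMP socket.
 * Returns 0 if the socket opened, otherwise the errno value. */
int try_icmp_socket_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return errno;
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char buf[64] = "";
    FILE *f = fopen("/proc/sys/net/ipv4/ping_group_range", "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    printf("ping_group_range: %s", buf[0] ? buf : "(unreadable)\n");
    printf("egid in range: %d\n", gid_allowed(buf, (unsigned long)getegid()));
    int rc = try_icmp_socket_no_new_privs();
    printf("ICMP socket with no_new_privs: %s\n", rc ? strerror(rc) : "ok");
    return 0;
}
```

When the gid is in range the socket opens with no capability and no setuid bit involved, so no_new_privs has nothing to block.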

