Johnny Hughes
2022-Jan-21 13:17 UTC
[CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/21/22 05:01, Leon Fauster via CentOS wrote:> Am 20.01.22 um 23:14 schrieb Johnny Hughes: >> On 1/20/22 15:07, Johnny Hughes wrote: >>> On 1/20/22 12:46, Johnny Hughes wrote: >>>> On 1/19/22 08:44, Brian Stinson wrote: >>>>> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund <toralf.lund at pgs.com> >>>>> wrote: >>>>>> >>>>>> Following some update or the other (I think) on my CentOS Stream 8 >>>>>> system, I'm no longer able to use ping as a regular user; I get >>>>>> >>>>>> $ ping www.centos.org >>>>>> ping: socket: Operation not permitted >>>>>> >>>>>> Does anyone else see this? It it a bug, or were the system/default >>>>>> permissions deliberately changed? Can anyone suggest a >>>>>> fix/workaround? >>>>>> Actually, I can find several different ones via a simple web >>>>>> search, but >>>>>> they are generally related to other distributions, I'm not quite sure >>>>>> which would be the most appropriate for CentOS... >>>>>> >>>>>> Thanks. >>>>>> >>>>>> - Toralf >>>>>> >>>>>> _______________________________________________ >>>>>> CentOS mailing list >>>>>> CentOS at centos.org >>>>>> https://lists.centos.org/mailman/listinfo/centos >>>>>> >>>>> >>>>> Folks interested in this issue can watch this bugzilla: >>>>> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >>>>> >>>>> We're waiting for systemd-239-55.el8 sources to show up after which we >>>>> will build this and publish to CentOS Stream. Right now this appears >>>>> to be an infrastructure issue and the appropriate folks are working on >>>>> that, but we also want this package to pass the proper checks before >>>>> we build. >>>> >>>> I am doing a compose with this version of systemd in it right now. >>>> Should be released later today. >>>> _______________________________________________ >>> >>> OK .. I am currently releasing an 8-stream compose with >>> systemd-239-55.el8 .. but it does not fix this unpriv ping issue. >>> >>> I checked internally and it is also a problem on the rhel build for >>> this systemd version, so not an issue introduced by the CentOS Stream >>> build. >>> >>> This? version of systemd should be available in a couple hours on >>> mirror.centos.org. >>> >> >> OK .. to fix this issue until we get a build that fixes it: >> >> Edit /usr/lib/sysctl.d/50-default.conf >> >> take out the minus sign (-) in this line: >> >> -net.ipv4.ping_group_range = 0 2147483647 >> > > > Is this "minus" a typo? I guess ... > > While yum update i get: > > Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: > No such file or directoryI do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected. It is the only option in that file with a dash.
Johnny Hughes
2022-Jan-21 13:53 UTC
[CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/21/22 07:17, Johnny Hughes wrote:> On 1/21/22 05:01, Leon Fauster via CentOS wrote: >> Am 20.01.22 um 23:14 schrieb Johnny Hughes: >>> On 1/20/22 15:07, Johnny Hughes wrote: >>>> On 1/20/22 12:46, Johnny Hughes wrote: >>>>> On 1/19/22 08:44, Brian Stinson wrote: >>>>>> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund <toralf.lund at pgs.com> >>>>>> wrote: >>>>>>> >>>>>>> Following some update or the other (I think) on my CentOS Stream 8 >>>>>>> system, I'm no longer able to use ping as a regular user; I get >>>>>>> >>>>>>> $ ping www.centos.org >>>>>>> ping: socket: Operation not permitted >>>>>>> >>>>>>> Does anyone else see this? It it a bug, or were the system/default >>>>>>> permissions deliberately changed? Can anyone suggest a >>>>>>> fix/workaround? >>>>>>> Actually, I can find several different ones via a simple web >>>>>>> search, but >>>>>>> they are generally related to other distributions, I'm not quite >>>>>>> sure >>>>>>> which would be the most appropriate for CentOS... >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> - Toralf >>>>>>> >>>>>>> _______________________________________________ >>>>>>> CentOS mailing list >>>>>>> CentOS at centos.org >>>>>>> https://lists.centos.org/mailman/listinfo/centos >>>>>>> >>>>>> >>>>>> Folks interested in this issue can watch this bugzilla: >>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >>>>>> >>>>>> We're waiting for systemd-239-55.el8 sources to show up after >>>>>> which we >>>>>> will build this and publish to CentOS Stream. Right now this appears >>>>>> to be an infrastructure issue and the appropriate folks are >>>>>> working on >>>>>> that, but we also want this package to pass the proper checks before >>>>>> we build. >>>>> >>>>> I am doing a compose with this version of systemd in it right now. >>>>> Should be released later today. >>>>> _______________________________________________ >>>> >>>> OK .. I am currently releasing an 8-stream compose with >>>> systemd-239-55.el8 .. but it does not fix this unpriv ping issue. >>>> >>>> I checked internally and it is also a problem on the rhel build for >>>> this systemd version, so not an issue introduced by the CentOS >>>> Stream build. >>>> >>>> This? version of systemd should be available in a couple hours on >>>> mirror.centos.org. >>>> >>> >>> OK .. to fix this issue until we get a build that fixes it: >>> >>> Edit /usr/lib/sysctl.d/50-default.conf >>> >>> take out the minus sign (-) in this line: >>> >>> -net.ipv4.ping_group_range = 0 2147483647 >>> >> >> >> Is this "minus" a typo? I guess ... >> >> While yum update i get: >> >> Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', >> ignoring: No such file or directory > > I do not know if it is a typo or not (maybe a functionality I don't know > about) .. but if I remove the dash and save the file, everything works > as expected. > > It is the only option in that file with a dash. > >OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details: https://bugzilla.redhat.com/show_bug.cgi?id=2037807