[SOLVED] no CAPS ping -> user is unable to ping after update iputils

kokoko3k · 2020-10-01 09:13:08

Good morning,

After today's update, it seems i'm unable to ping without root privileges:

koko@Gozer# pacman -Q iputils
iputils 20200821-1

koko@Gozer# ping 1.1.1.1
ping: socket: Operation not permitted

koko@Gozer# getcap /usr/bin/ping

#

Going back to the previous installed iputils package, ping works:

koko@Gozer# pacman -Q iputils
iputils 20190709-2

koko@Gozer# getcap /usr/bin/ping
/usr/bin/ping cap_net_raw=ep

koko@Gozer# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=58 time=3.71 ms

I'm a bit lost, is the change intentional and what is the right way to give user the ability to ping again?

Thanks!

Last edited by kokoko3k (2020-10-01 11:47:21)

Lone_Wolf · 2020-10-01 10:27:42

iputils 20200821-1 is in repos since september 10 .
The last version before that was 20190709-3 , not -2 .

That suggests your "today's update" was the first in some time. please post the pacman log from today's update.

kokoko3k · 2020-10-01 10:38:44

Indeed, i am back to work since months.
Anyway, since reverting to my previous one "solved" the issue, i think the issue lies in the package itself.
Are you able to ping as a normal user?
This is the complete log:
https://0x0.st/iUn0.log

Thanks.

seth · 2020-10-01 10:54:07

https://bbs.archlinux.org/viewtopic.php … 2#p1921172

kokoko3k · 2020-10-01 11:37:58

Thanks seth, so, as i understood:
* mainline iputils dropped the required CAPS from ping executable
* ...so it is not a bug
* one is supposed to use net.ipv4.ping_group_range instead.

Is it right?

--Mmhh--
EDIT:
I think i understood what happened:

koko@Gozer# ls -la /etc/sysctl.d/50-default.conf 
-rw-r--r-- 1 root root 741 mar  7  2016 /etc/sysctl.d/50-default.conf

koko@Gozer# ls -la /usr/lib/sysctl.d/50-default.conf 
-rw-r--r-- 1 root root 1939 ott  1 13:25 /usr/lib/sysctl.d/50-default.conf

root@Gozer# grep net.ipv4.ping_group_range /etc/sysctl.d/50-default.conf 

root@Gozer# grep net.ipv4.ping_group_range /usr/lib/sysctl.d/50-default.conf
-net.ipv4.ping_group_range = 0 2147483647

/usr/lib/sysctl.d/50-default.conf is ignored because /etc/sysctl.d/50-default.conf exists on my system. (since 2016!!)
man sysctl.conf explicitely states:

       --system
              Load  settings from all system configuration files. Files are read from directories in the following list in given order from top to bottom.  Once a file of a given filename is loaded, any file of the same name in sub‐
              sequent directories is ignored.
              /run/sysctl.d/*.conf
              /etc/sysctl.d/*.conf
              /usr/local/lib/sysctl.d/*.conf
              /usr/lib/sysctl.d/*.conf
              /lib/sysctl.d/*.conf
              /etc/sysctl.conf

so i fixed by issuing:

# mv /etc/sysctl.d/50-default.conf /etc/sysctl.d/50-koko-default.conf
# sysctl --system

Thank you all!

Last edited by kokoko3k (2020-10-01 11:53:41)

seth · 2020-10-01 11:44:42

Yes.
Did you figure the rest of your original post?

kokoko3k · 2020-10-01 11:46:25

Yep, edited my message just now :-)

Arch Linux

#1 2020-10-01 09:13:08

[SOLVED] no CAPS ping -> user is unable to ping after update iputils

#2 2020-10-01 10:27:42

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

#3 2020-10-01 10:38:44

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

#4 2020-10-01 10:54:07

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

#5 2020-10-01 11:37:58

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

#6 2020-10-01 11:44:42

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

#7 2020-10-01 11:46:25

Re: [SOLVED] no CAPS ping -> user is unable to ping after update iputils

Board footer