Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
--Brian
Am 19.01.22 um 15:44 schrieb Brian Stinson:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
I also noticed this "change".
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
Is this a regression of the last systemd update?
-- Leon
Am 19.01.22 um 15:44 schrieb Brian Stinson:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
I also noticed this "change".
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
Is this a regression of the last systemd update?
Yes, systemd, this new operating system which still lacks a kernel ;-)
But seriously, this should be a warning how dangerous even the smallest bug in systemd can be. In this case it's absolutely harmless but it shows once more how domineering systemd became to be in the Linux ecosystem.
A bit frightening for me.
Regards, Simon
On 1/20/22 03:13, Simon Matter wrote:
But seriously, this should be a warning how dangerous even the smallest bug in systemd can be. In this case it's absolutely harmless but it shows once more how domineering systemd became to be in the Linux ecosystem.
A bit frightening for me.
I don't think that's particularly justified. A change was made to remove the capability from the file and instead set a kernel parameter that allows users to ping based on their GID, in order to allow ping to work from rootless containers. Systemd's only involvement here is that it loads sysctls when the system boots, and those sysctl files are bundled in its RPM.
https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today.
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
Thanks, Johnny Hughes
Am 20.01.22 um 22:07 schrieb Johnny Hughes:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
The change was intentional. So, this will stay ...?
https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e1...
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
Thanks, Johnny Hughes _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- Leon
On Thursday, January 20, 2022 3:52:35 PM CST Leon Fauster via CentOS wrote:
The change was intentional. So, this will stay ...?
https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e1 3a?branch=c8s
If this is intentional, what is the reasoning behind it? This seems a bit heavy handed no?
The change to iputils should be read in context with this change to systemd: https://github.com/redhat-plumbers/systemd-rhel8/pull/246/files
To me this reads like the intent is to remove the capabilities on the ping binary, while using another mechanism to allow non-root users to still use the ping utility.
--Brian
On Thu, Jan 20, 2022 at 3:57 PM Robby Callicotte via CentOS centos@centos.org wrote:
On Thursday, January 20, 2022 3:52:35 PM CST Leon Fauster via CentOS wrote:
The change was intentional. So, this will stay ...?
https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e1 3a?branch=c8s
If this is intentional, what is the reasoning behind it? This seems a bit heavy handed no?
-- Robby Callicotte He/Him/His Timezone: America/Chicago IRC: c4t3l | Twitter: @robbycl2v
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Thanks, Johnny Hughes
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
-- Leon
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote:
On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com wrote: > > Following some update or the other (I think) on my CentOS Stream 8 > system, I'm no longer able to use ping as a regular user; I get > > $ ping www.centos.org > ping: socket: Operation not permitted > > Does anyone else see this? It it a bug, or were the system/default > permissions deliberately changed? Can anyone suggest a > fix/workaround? > Actually, I can find several different ones via a simple web > search, but > they are generally related to other distributions, I'm not quite > sure > which would be the most appropriate for CentOS... > > Thanks. > > - Toralf > > _______________________________________________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos >
Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807
We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote:
On 1/19/22 08:44, Brian Stinson wrote: > On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund toralf.lund@pgs.com > wrote: >> >> Following some update or the other (I think) on my CentOS Stream 8 >> system, I'm no longer able to use ping as a regular user; I get >> >> $ ping www.centos.org >> ping: socket: Operation not permitted >> >> Does anyone else see this? It it a bug, or were the system/default >> permissions deliberately changed? Can anyone suggest a >> fix/workaround? >> Actually, I can find several different ones via a simple web >> search, but >> they are generally related to other distributions, I'm not quite >> sure >> which would be the most appropriate for CentOS... >> >> Thanks. >> >> - Toralf >> >> _______________________________________________ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > Folks interested in this issue can watch this bugzilla: > https://bugzilla.redhat.com/show_bug.cgi?id=2037807 > > We're waiting for systemd-239-55.el8 sources to show up after > which we > will build this and publish to CentOS Stream. Right now this appears > to be an infrastructure issue and the appropriate folks are > working on > that, but we also want this package to pass the proper checks before > we build.
I am doing a compose with this version of systemd in it right now. Should be released later today. _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.
Or live with suod/root only for ping
On 1/21/22 08:23, Johnny Hughes wrote:
On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote: > On 1/19/22 08:44, Brian Stinson wrote: >> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund >> toralf.lund@pgs.com wrote: >>> >>> Following some update or the other (I think) on my CentOS Stream 8 >>> system, I'm no longer able to use ping as a regular user; I get >>> >>> $ ping www.centos.org >>> ping: socket: Operation not permitted >>> >>> Does anyone else see this? It it a bug, or were the system/default >>> permissions deliberately changed? Can anyone suggest a >>> fix/workaround? >>> Actually, I can find several different ones via a simple web >>> search, but >>> they are generally related to other distributions, I'm not >>> quite sure >>> which would be the most appropriate for CentOS... >>> >>> Thanks. >>> >>> - Toralf >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> Folks interested in this issue can watch this bugzilla: >> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >> >> We're waiting for systemd-239-55.el8 sources to show up after >> which we >> will build this and publish to CentOS Stream. Right now this >> appears >> to be an infrastructure issue and the appropriate folks are >> working on >> that, but we also want this package to pass the proper checks >> before >> we build. > > I am doing a compose with this version of systemd in it right > now. Should be released later today. > _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.
Or live with suod/root only for ping
I should obviously proof read :)
Am 21.01.22 um 15:23 schrieb Johnny Hughes:
On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote: > On 1/19/22 08:44, Brian Stinson wrote: >> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund >> toralf.lund@pgs.com wrote: >>> >>> Following some update or the other (I think) on my CentOS Stream 8 >>> system, I'm no longer able to use ping as a regular user; I get >>> >>> $ ping www.centos.org >>> ping: socket: Operation not permitted >>> >>> Does anyone else see this? It it a bug, or were the system/default >>> permissions deliberately changed? Can anyone suggest a >>> fix/workaround? >>> Actually, I can find several different ones via a simple web >>> search, but >>> they are generally related to other distributions, I'm not >>> quite sure >>> which would be the most appropriate for CentOS... >>> >>> Thanks. >>> >>> - Toralf >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> Folks interested in this issue can watch this bugzilla: >> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >> >> We're waiting for systemd-239-55.el8 sources to show up after >> which we >> will build this and publish to CentOS Stream. Right now this >> appears >> to be an infrastructure issue and the appropriate folks are >> working on >> that, but we also want this package to pass the proper checks >> before >> we build. > > I am doing a compose with this version of systemd in it right > now. Should be released later today. > _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.
Or live with suod/root only for ping
Yes, I was also on the same way this morning to find find the same out. Some backports are need for systemd support this "-" prefix.
https://github.com/systemd/systemd/pull/13191/commits/dec02d6e1993d420a0a94c...
-- Leon
On 21/01/2022 15:23, Johnny Hughes wrote:
On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote: > On 1/19/22 08:44, Brian Stinson wrote: >> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund >> toralf.lund@pgs.com wrote: >>> >>> Following some update or the other (I think) on my CentOS >>> Stream 8 >>> system, I'm no longer able to use ping as a regular user; I get >>> >>> $ ping >>> https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.centos.... >>> ping: socket: Operation not permitted >>> >>> Does anyone else see this? It it a bug, or were the >>> system/default >>> permissions deliberately changed? Can anyone suggest a >>> fix/workaround? >>> Actually, I can find several different ones via a simple web >>> search, but >>> they are generally related to other distributions, I'm not >>> quite sure >>> which would be the most appropriate for CentOS... >>> >>> Thanks. >>> >>> - Toralf >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cent... >>> >>> >> >> Folks interested in this issue can watch this bugzilla: >> https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.r... >> >> >> We're waiting for systemd-239-55.el8 sources to show up after >> which we >> will build this and publish to CentOS Stream. Right now this >> appears >> to be an infrastructure issue and the appropriate folks are >> working on >> that, but we also want this package to pass the proper checks >> before >> we build. > > I am doing a compose with this version of systemd in it right > now. Should be released later today. > _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbugzilla.r...
So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.
Both work for me. Thanks.
Or live with suod/root only for ping
Might also be OK for a short while. Irritation would probably build up over time ;-)
- Toralf
CentOS mailing list CentOS@centos.org https://eur04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.cent...
On 1/21/22 06:23, Johnny Hughes wrote:
On 1/21/22 07:53, Johnny Hughes wrote:
On 1/21/22 07:17, Johnny Hughes wrote:
On 1/21/22 05:01, Leon Fauster via CentOS wrote:
Am 20.01.22 um 23:14 schrieb Johnny Hughes:
On 1/20/22 15:07, Johnny Hughes wrote:
On 1/20/22 12:46, Johnny Hughes wrote: > On 1/19/22 08:44, Brian Stinson wrote: >> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund >> toralf.lund@pgs.com wrote: >>> >>> Following some update or the other (I think) on my CentOS >>> Stream 8 >>> system, I'm no longer able to use ping as a regular user; I get >>> >>> $ ping www.centos.org >>> ping: socket: Operation not permitted >>> >>> Does anyone else see this? It it a bug, or were the >>> system/default >>> permissions deliberately changed? Can anyone suggest a >>> fix/workaround? >>> Actually, I can find several different ones via a simple web >>> search, but >>> they are generally related to other distributions, I'm not >>> quite sure >>> which would be the most appropriate for CentOS... >>> >>> Thanks. >>> >>> - Toralf >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> Folks interested in this issue can watch this bugzilla: >> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >> >> We're waiting for systemd-239-55.el8 sources to show up after >> which we >> will build this and publish to CentOS Stream. Right now this >> appears >> to be an infrastructure issue and the appropriate folks are >> working on >> that, but we also want this package to pass the proper checks >> before >> we build. > > I am doing a compose with this version of systemd in it right > now. Should be released later today. > _______________________________________________
OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue.
I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build.
This version of systemd should be available in a couple hours on mirror.centos.org.
OK .. to fix this issue until we get a build that fixes it:
Edit /usr/lib/sysctl.d/50-default.conf
take out the minus sign (-) in this line:
-net.ipv4.ping_group_range = 0 2147483647
Is this "minus" a typo? I guess ...
While yum update i get:
Couldn't write '0 2147483647' to '-net/ipv4/ping_group_range', ignoring: No such file or directory
I do not know if it is a typo or not (maybe a functionality I don't know about) .. but if I remove the dash and save the file, everything works as expected.
It is the only option in that file with a dash.
OK .. the minus sign is intentional .. but the functionality to mkae it work is not yet in the packages. See this bug for details:
So the two fixes are to not upgrade iputils and exclude it in your dnf config .. OR .. to take out he minus sign until the issue is fixed.
Thanks for this info. I had a perplexing experience just now. ????
Or live with suod/root only for ping
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 19/01/2022 15:32, Toralf Lund wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
"sudo dnf downgrade iputils" should do it for now
it works when you're back on iputils-20180629-7.el8.x86_64
On 1/20/22 10:32 AM, Fabian Arrotin wrote:
On 19/01/2022 15:32, Toralf Lund wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping www.centos.org ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
"sudo dnf downgrade iputils" should do it for now
it works when you're back on iputils-20180629-7.el8.x86_64
And then add: excludepkgs=iputils-20180629-8.el8.x86_64 in the [baseos] section of /etc/yum/repos.d/CentOS-Stream-BaseOS.repo
On 20/01/2022 17:48, Robert Nichols wrote:
On 1/20/22 10:32 AM, Fabian Arrotin wrote:
On 19/01/2022 15:32, Toralf Lund wrote:
Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get
$ ping https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.centos.... ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS...
Thanks.
- Toralf
"sudo dnf downgrade iputils" should do it for now
it works when you're back on iputils-20180629-7.el8.x86_64
And then add: excludepkgs=iputils-20180629-8.el8.x86_64 in the [baseos] section of /etc/yum/repos.d/CentOS-Stream-BaseOS.repo
Right. After downgrading, I have
$ rpm -q --queryformat '[%{FILENAMES} %{FILECAPS}\n]' iputils | grep /usr/bin/ping /usr/bin/ping = cap_net_admin,cap_net_raw+p
I guess this is what was changed in the new version? (Didn't check before downgrading, to lazy to switch back to do it.)
What I don't quite understand is why the updated iputils was released before the systemd/kernel changes others mention...
- Toralf
-
Brian Stinson -
Fabian Arrotin -
Gordon Messmer -
Johnny Hughes -
Kay Schenk -
Leon Fauster -
Robby Callicotte -
Robert Nichols -
Simon Matter -
Toralf Lund