On 02/11/2016 01:29 AM, Farkas Levente wrote:
>> >> +[jperrin at ferrata ~]$ docker run -it centos ping -c 5 google.com
>
> because this is the wrong way to test!!!
> please follow my description!
> in the above way you run ping as root, but you should have to run as a
> non-root user!

Okay, so here's the issue after yesterday's digging.

It appears that virt-tar-out strips file capabilities, which results in a container with ping not working as you found. I can work around this by using tar directly, and passing --xattrs to preserve the capabilities data. This works if I import the tarball directly into docker, however this results in an archive that docker's ADD command does not recognize as a local tar archive for unpacking. Since the ADD command is crucial for the base container build process, this is a bit of a blocker.

This appears to be a bug in docker, and I'll be filing it upstream. However this leads us back to one of the two original fixes. Until this is resolved upstream, I can either remove the package, or leave it in a partly broken state. Which would you prefer?

--
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
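An added example, not part of the original message or of the CentOS build tooling: one way to check whether a root filesystem tarball still carries the file capabilities discussed above before it is imported. It assumes the archive was written by GNU tar with --xattrs, which records the attribute under the pax keyword `SCHILY.xattr.security.capability`; the function names and the in-memory sample archives are constructed for illustration.

```python
import io
import struct
import tarfile

# pax keyword under which GNU tar --xattrs records the file-capability xattr
XATTR_KEY = "SCHILY.xattr.security.capability"
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}  # subset relevant to ping

def decode_caps(raw: bytes):
    """Decode a revision-2 vfs_cap_data blob into permitted capability names."""
    if len(raw) < 20:
        raise ValueError("truncated vfs_cap_data")
    magic, p_lo, _i_lo, p_hi, _i_hi = struct.unpack("<5I", raw[:20])
    if (magic & 0xFF000000) != 0x02000000:
        raise ValueError("unsupported vfs_cap_data revision")
    permitted = p_lo | (p_hi << 32)
    return sorted(CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if permitted >> b & 1)

def audit(tar_bytes: bytes, expected):
    """Map each expected path in the archive to its capabilities, or None if stripped."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        for member in tf:
            name = member.name.removeprefix("./")
            if name in expected:
                value = member.pax_headers.get(XATTR_KEY)
                raw = value.encode("utf-8", "surrogateescape") if value else None
                found[name] = decode_caps(raw) if raw else None
    return found

def make_rootfs(with_xattr: bool) -> bytes:
    """Constructed sample: a one-file rootfs tarball, with or without the xattr."""
    cap_blob = struct.pack("<5I", 0x02000000, 1 << 13, 0, 0, 0)  # cap_net_raw+p
    info = tarfile.TarInfo("./usr/bin/ping")
    info.mode = 0o755
    if with_xattr:
        info.pax_headers = {XATTR_KEY: cap_blob.decode("utf-8", "surrogateescape")}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        tf.addfile(info, io.BytesIO(b""))
    return buf.getvalue()

if __name__ == "__main__":
    for label, keep in (("xattrs preserved", True), ("xattrs stripped", False)):
        print(label, audit(make_rootfs(keep), {"usr/bin/ping"}))
```

A `None` result for a binary that is expected to carry capabilities means a non-root user in the resulting container will hit the ping failure described in the thread.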