On 02/12/2016 03:07 PM, Jim Perrin wrote: > > > On 02/11/2016 01:29 AM, Farkas Levente wrote: > >>> >>> +[jperrin at ferrata ~]$ docker run -it centos ping -c 5 google.com >> >> because this is the wrong way to test!!! >> please follow my description! >> in the above way you run ping as root, but you should have to run as a >> non-root user! > > Okay, so here's the issue after yesterday's digging. It appears that > virt-tar-out strips file capabilities, which results in a container with > ping not working as you found. I can work around this by using tar > directly, and passing --xattrs to preserve the capabilities data. This > works if I import the tarball directly into docker, however this > results in an archive that docker's ADD command does not recognize as a > local tar archive for unpacking. Since the ADD command is crucial for > the base container build process, this is a bit of a blocker. > > This appears to be a bug in docker, and I'll be filing it upstream. > However this leads us back to one of the two original fixes. > > Until this is resolved upstream, I can either remove the package, or > leave it in a partly broken state. Which would you prefer? imho ping is not essential in the base image so removing it and everybody install how need it is a better solution than keep a well known broken image. but that's just my 2c. -- Levente "Si vis pacem para bellum!"