[CentOS] [External] Re: Ping as regular user not allowed (CentOS Stream 8)

Fri Jan 21 07:53:58 UTC 2022
Toralf Lund <toralf.lund at pgs.com>

On 20/01/2022 17:48, Robert Nichols wrote:
> On 1/20/22 10:32 AM, Fabian Arrotin wrote:
>> On 19/01/2022 15:32, Toralf Lund wrote:
>>> Following some update or the other (I think) on my CentOS Stream 8 
>>> system, I'm no longer able to use ping as a regular user; I get
>>> $ ping 
>>> https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.centos.org%2F&data=04%7C01%7Ctoralf.lund%40pgs.com%7C07eb6f60244843e98f7908d9dc34b549%7C51d05d6147e9480b93b298dc84f1ed06%7C0%7C0%7C637782942100118038%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Fh6MVkDnXLWQl9ArUjqZQcfRfTwZG2bBWrQSNVmtsDo%3D&reserved=0
>>> ping: socket: Operation not permitted
>>> Does anyone else see this? It it a bug, or were the system/default 
>>> permissions deliberately changed? Can anyone suggest a 
>>> fix/workaround? Actually, I can find several different ones via a 
>>> simple web search, but they are generally related to other 
>>> distributions, I'm not quite sure which would be the most 
>>> appropriate for CentOS...
>>> Thanks.
>>> - Toralf
>> "sudo dnf downgrade iputils" should do it for now
>> it works when you're back on iputils-20180629-7.el8.x86_64
> And then add:
>     excludepkgs=iputils-20180629-8.el8.x86_64
> in the [baseos] section of /etc/yum/repos.d/CentOS-Stream-BaseOS.repo
Right. After downgrading, I have

$ rpm -q --queryformat '[%{FILENAMES} %{FILECAPS}\n]' iputils | grep 
/usr/bin/ping = cap_net_admin,cap_net_raw+p

I guess this is what was changed in the new version? (Didn't check 
before downgrading, to lazy to switch back to do it.)

What I don't quite understand is why the updated iputils was released 
before the systemd/kernel changes others mention...

- Toralf