On Mon, Mar 18, 2019 at 11:27:40PM +0100, Pierre Emeriaud wrote: > Hello Claudio, > > Le lun. 18 mars 2019 à 23:07, Claudio Jeker <[email protected]> a écrit : > > > > > lg(rdomain1)$ doas ping -V0 1.1.1.1 > > > ping: setsockopt SO_RTABLE: Operation not permitted > > > > This is expected behaviour. From setrtable(2): > > > > Only the superuser is allowed to change the process routing table if it > > is already set to a non-zero value. > > I tried with doas, so now with root: > > lg(rdomain1)$ doas su - > lg# id > uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), > 5(operator), 20(staff), 31(guest) > lg# id -R > 1 > lg# ping -V0 1.1.1.1 > ping: setsockopt SO_RTABLE: Operation not permitted > > I was aware of the root restriction, and I'm thankfull for it :) >
Ping is a bit of a special case since it runs with user _ping when started as root. So by the time the SO_RTABLE is issued it does not have the privs to do it. The ping -V option only works when used in rdomain 0. You can use route -T0 exec ping 1.1.1.1 (but I guess you already knew that). -- :wq Claudio
