On Tue 17.12.2024 22:21:04, Chris Hofstaedtler wrote: > On Tue, Dec 17, 2024 at 10:01:55PM +0100, Lucas Nussbaum wrote: > > On 13/12/24 at 23:41 +0100, Andre Klärner wrote: > > > I would change "which is installed by default" to "which is recommended by > > > iputils-ping", since this default only holds on systems where recommended > > > packages are selected automatically - which e.g. mine do not do to keep > > > the > > > servers lean. > > > > Right. I am not sure why, but it's the same in my image building > > environment: that package is not pulled during installation (that occurs > > with a pre-seeded debian-installer). > > The problem here is that iputils-ping is installed by debootstrap, > because of its Priority. However debootstrap knows nothing about > Recommends. > > I imagine iputils-ping and d-i need to figure out something > together. Maybe it's best to override the Priority of > linux-sysctl-defaults to important, too.
I wonder if iputils-ping should keep the capability-based method around and fall back to it, when the system does not have the sysctl set. After all the behaviour people have relied upon historically is: When I install iputils-ping, any non-root user can ping machines. Right now this only holds true, if linux-sysctl-defaults is installed or the sysctl applied manually, or the user intervenes and either runs setcap or even worse setuids ping. Best regards, Andre -- Andre Klärner
signature.asc
Description: PGP signature
