Hi Noah, On 18-10-2024 19:43, Noah Meyerhans wrote:
In bookworm and earlier, ping uses CAP_NET_RAW file capabilities in order to obtain permission to transmit ICMP. The version in trixie and later no longer sets file based capabilities, instead relying on the net.ipv4.ping_group_range sysctl. This is a system-wide configuration, not controlled by ping. The default value, as set by the linux-sysctl-defaults package in trixe+ and listed as a Recommends by iputils-ping, grants permission for unprivileged users to run ping.Based on the above, I don't see this as a bug in ping, but rather an issue with the particular environment in which it's being executed. My recommendation is to ensure that you've got the sysctl value set appropriately as from https://salsa.debian.org/kernel-team/linux-base/-/blob/master/sysctl.d/50-default.conf?ref_type=heads#L39-45
I don't follow from the above how the test can be flagged as a regression between unstable and testing then. The test in trixie passes, while if fails with binaries from unstable. Did the change you refer to above really already happened in trixie?
As we currently test with lxc, do these settings really need to be set on the host, or should the test set them in the testbed?
Paul
OpenPGP_signature.asc
Description: OpenPGP digital signature
