Public bug reported:

[impact]

knockd's systemd service restricts its capabilities, so it's unable to
load modules needed for changing iptables rules, e.g. ip6_tables module

[test case]

install knockd, edit /etc/default/knockd to enable it, edit
/etc/knockd.conf to create a test rule, e.g.:

[test]
    sequence = 5000,5001,5002
    seq_timeout = 5
    command = ufw allow proto tcp from any to any port 22

make sure ip6_tables is not loaded on the test system.

from a separate system, perform the knocking (using the appropriate ip
address):

$ knock -d 500 192.168.122.237 5000 5001 5002

check the syslog:

Apr 23 10:50:36 lp1823051 knockd[3628]: ERROR: initcaps
Apr 23 10:50:36 lp1823051 knockd[3628]: [Errno 2] modprobe: ERROR: could not insert 'ip6_tables': Operation not permitted

[regression potential]

low; any regressions would be around loading/unloading modules.

** Affects: knockd (Ubuntu)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: knockd (Ubuntu Bionic)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: knockd (Ubuntu Cosmic)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: knockd (Ubuntu Disco)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Affects: knockd (Ubuntu Eoan)
     Importance: Medium
     Assignee: Dan Streetman (ddstreet)
         Status: In Progress

** Also affects: knockd (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: knockd (Ubuntu Eoan)
   Importance: Undecided
       Status: New

** Also affects: knockd (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: knockd (Ubuntu Disco)
   Importance: Undecided
       Status: New

** Changed in: knockd (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: knockd (Ubuntu Cosmic)
       Status: New => In Progress

** Changed in: knockd (Ubuntu Disco)
       Status: New => In Progress

** Changed in: knockd (Ubuntu Eoan)
       Status: New => In Progress

** Changed in: knockd (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: knockd (Ubuntu Cosmic)
   Importance: Undecided => Medium

** Changed in: knockd (Ubuntu Disco)
   Importance: Undecided => Medium

** Changed in: knockd (Ubuntu Eoan)
   Importance: Undecided => Medium

** Changed in: knockd (Ubuntu Bionic)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: knockd (Ubuntu Cosmic)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: knockd (Ubuntu Disco)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

** Changed in: knockd (Ubuntu Eoan)
     Assignee: (unassigned) => Dan Streetman (ddstreet)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1825974

Title:
  knockd can't load modules, e.g. ip6_tables

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/knockd/+bug/1825974/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
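
A way to check a unit file for the condition reported above, as an added example that is not part of the bug report or the knockd package. It assumes the restriction is expressed with systemd's `CapabilityBoundingSet=` directive (the report does not quote the unit file) and relies on the fact that loading a module requires `CAP_SYS_MODULE`; the unit texts are constructed samples, not the shipped unit.

```python
# Added example: decide whether a unit's capability bounding set still
# allows module loading (CAP_SYS_MODULE), using systemd's merge rules for
# repeated CapabilityBoundingSet= lines. Unit texts below are constructed.

def bounding_set(unit_text):
    """Return (base_full, names): the set is 'all capabilities minus names'
    when base_full is True, otherwise exactly 'names'."""
    base_full, names = True, set()        # no directive: full set
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section != "Service" or not sep:
            continue
        if key.strip() != "CapabilityBoundingSet":
            continue
        value = value.strip()
        invert = value.startswith("~")
        caps = set(value.lstrip("~").split())
        if not caps:                      # "" resets to empty, "~" to full
            base_full, names = invert, set()
        elif base_full and not names:     # still the full set: replace it
            base_full, names = invert, caps
        elif invert:                      # later "~" line removes caps
            names = (names | caps) if base_full else (names - caps)
        else:                             # later plain line adds caps
            names = (names - caps) if base_full else (names | caps)
    return base_full, names

def can_load_modules(unit_text):
    base_full, names = bounding_set(unit_text)
    return ("CAP_SYS_MODULE" in names) != base_full

# Constructed sample units (capability lists are assumptions).
RESTRICTED = "[Service]\nCapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN\n"
EXTENDED = RESTRICTED + "CapabilityBoundingSet=CAP_SYS_MODULE\n"
DENYLIST = "[Service]\nCapabilityBoundingSet=~CAP_SYS_MODULE\n"
UNRESTRICTED = "[Service]\nType=simple\n"

if __name__ == "__main__":
    for name in ("RESTRICTED", "EXTENDED", "DENYLIST", "UNRESTRICTED"):
        print(name, can_load_modules(globals()[name]))
```

A unit that reports `False` reproduces the `Operation not permitted` failure whenever the needed module is not already loaded; the text to feed in can come from `systemctl cat` for the knockd unit, since the file-name comment lines it prints are skipped.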