-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey all,

Did I miss something? I now have to use sudo in order to ping:

graton% ping 10.1.0.1
ping: icmp open socket: Operation not permitted
graton% sudo ping 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_req=1 ttl=64 time=0.407 ms
64 bytes from 10.1.0.1: icmp_req=2 ttl=64 time=0.367 ms
64 bytes from 10.1.0.1: icmp_req=3 ttl=64 time=0.345 ms
64 bytes from 10.1.0.1: icmp_req=4 ttl=64 time=0.361 ms
^C
- --- 10.1.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.345/0.370/0.407/0.022 ms

I thought maybe this was related to the glibc mess, so I finished
cleaning that up (now everything is in /usr/lib with a symbolic link
created for /lib), but that annoyance made no difference.

- --
David Benfell
benfell@parts-unknown.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQAYYJAAoJELT202JKF+xpJPgP/AhURBfrWADG1eR7Pt2dhaXD
twMwg4XSV9FzYM3AMZp4frTRAt/oYIZDD/VXxg6BNoJAt+woKoPI+8Zlj4b2ndNJ
DaSBf5ckJAYVHrRzNH3OuCxOudGzPZ9mrJBEpH7SVzx6IOEYSL 3U+rRbWrMo0uYf
utwpOhbJX2d4EuTggWoON8Iayglz/UB4SQJAuO3gm9+/cDGk6s/1is0n1k42t0iA
J84FfH4XUdvDZoJl6f2pAq4tV+Xv2IGnsCWWEh6/ry59r4q5vv2j00K4BWy8DwA4
078bPW24kGR1uRipVW9RvmEa9SkQJ4F35+YoJF4vXU7nOqpLrr ObOX0eYwQCT5s5
wsO6FkQvzUiDmL6t2/l2VhCd6KUsWXowR4gyslx4+064SYO2OIfA1ikwxpwMAUJO
JXuj3AApauw96QAk//aHI0823WIkS32nh1yhtwBqofoKz3RG91nRsTJfHt1q9f7H
etN2D1BRx8MHsTyetPNP8uEu7zLgieA4OXvJr0fAV3RHZFTZLE 1RKJF6SpdafCBc
UzobDRWBNz31mF5GepLAgsfctTlmy3em336o65voVjdmRdKuTL FkLPIhCaEY7s92
h3pnr3wyxH9KuP50s8wCjJYvD63wSfWbo7kCrsI+C9fqHQ4DTr YTNscioT+Gw8Os
vXrWn3f3bH8PjbZSyNyw
=l0bB
-----END PGP SIGNATURE-----

Am 14.07.2012 16:45, schrieb David Benfell:
> Hey all,
>
> Did I miss something? I now have to use sudo in order to ping:

No idea how you broke this, but this should fix it:

setcap cap_net_raw=ep /usr/bin/ping

On Sat, Jul 14, 2012 at 5:45 PM, David Benfell
<benfell@parts-unknown.org> wrote:
> Did I miss something? I now have to use sudo in order to ping:
>
> graton% ping 10.1.0.1
> ping: icmp open socket: Operation not permitted

Crafting ICMP packets requires root privileges, yes. (I vaguely
remember Linux adding a separate socket type[0][1] for ICMP, but
apparently it's not being used by `ping` yet.)

`/usr/bin/ping` and `ping6` must be either setuid-root (chmod u+s) or
have the CAP_NET_RAW capability (setcap cap_net_raw+ep). The Arch
`iputils` package normally runs `setcap` in its post-install
script[2].

[0]: http://lwn.net/Articles/420799/
[1]: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=c319b4d7
[2]: https://projects.archlinux.org/svntogit/packages.git/tree/trunk/iputils.install?h=packages/iputils

--
Mantas MikulÄ—nas

la, 2012-07-14 kello 18:07 +0300, Mantas MikulÄ—nas kirjoitti:
> `/usr/bin/ping` and `ping6` must be either setuid-root (chmod u+s) or
> have the CAP_NET_RAW capability (setcap cap_net_raw+ep). The Arch
> `iputils` package normally runs `setcap` in its post-install
> script[2].

I just updated my system and got his message and now my ping is not
working as regular user.
------------------------------------------------------------------------
(10/22) päivitetään iputils [#####################################] 100%

Failed to set capabilities on file `usr/bin/ping'
(Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename>
[ ... (-r|-|<capsN>) <filenameN> ]

Note <filename> must be a regular (non-symlink) file.
Failed to set capabilities on file `usr/bin/ping6'
(Operation not supported)
usage: setcap [-q] [-v] (-r|-|<caps>) <filename>
[ ... (-r|-|<capsN>) <filenameN> ]

Note <filename> must be a regular (non-symlink) file.
>> Traceroute is now provided by core/traceroute
------------------------------------------------------------------------

Running "sudo setcap cap_net_raw+ep /usr/bin/ping" manually results in
the same (Operation not supported) error.

On Sat, Jul 14, 2012 at 6:13 PM, Jesse Juhani Jaara
<jesse.jaara@gmail.com> wrote:
> Running "sudo setcap cap_net_raw+ep /usr/bin/ping" manually results in
> the same (Operation not supported) error.

Which filesystem is your /usr using? Not all file systems support
storing capabilities... though the error might be caused by something
else, too.

--
Mantas MikulÄ—nas

la, 2012-07-14 kello 18:22 +0300, Mantas MikulÄ—nas kirjoitti:
> Which filesystem is your /usr using? Not all file systems support
> storing capabilities... though the error might be caused by something
> else, too.

Ext4

Ping requires/uses setuid. Probably, the new update was not compiled
properly.
On 14-Jul-2012 8:27 PM, "David Benfell" <benfell@parts-unknown.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey all,
>
> Did I miss something? I now have to use sudo in order to ping:
>
> graton% ping 10.1.0.1
> ping: icmp open socket: Operation not permitted
> graton% sudo ping 10.1.0.1
> PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
> 64 bytes from 10.1.0.1: icmp_req=1 ttl=64 time=0.407 ms
> 64 bytes from 10.1.0.1: icmp_req=2 ttl=64 time=0.367 ms
> 64 bytes from 10.1.0.1: icmp_req=3 ttl=64 time=0.345 ms
> 64 bytes from 10.1.0.1: icmp_req=4 ttl=64 time=0.361 ms
> ^C
> - --- 10.1.0.1 ping statistics ---
> 4 packets transmitted, 4 received, 0% packet loss, time 2997ms
> rtt min/avg/max/mdev = 0.345/0.370/0.407/0.022 ms
>
> I thought maybe this was related to the glibc mess, so I finished
> cleaning that up (now everything is in /usr/lib with a symbolic link
> created for /lib), but that annoyance made no difference.
>
> - --
> David Benfell
> benfell@parts-unknown.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.19 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJQAYYJAAoJELT202JKF+xpJPgP/AhURBfrWADG1eR7Pt2dhaXD
> twMwg4XSV9FzYM3AMZp4frTRAt/oYIZDD/VXxg6BNoJAt+woKoPI+8Zlj4b2ndNJ
> DaSBf5ckJAYVHrRzNH3OuCxOudGzPZ9mrJBEpH7SVzx6IOEYSL 3U+rRbWrMo0uYf
> utwpOhbJX2d4EuTggWoON8Iayglz/UB4SQJAuO3gm9+/cDGk6s/1is0n1k42t0iA
> J84FfH4XUdvDZoJl6f2pAq4tV+Xv2IGnsCWWEh6/ry59r4q5vv2j00K4BWy8DwA4
> 078bPW24kGR1uRipVW9RvmEa9SkQJ4F35+YoJF4vXU7nOqpLrr ObOX0eYwQCT5s5
> wsO6FkQvzUiDmL6t2/l2VhCd6KUsWXowR4gyslx4+064SYO2OIfA1ikwxpwMAUJO
> JXuj3AApauw96QAk//aHI0823WIkS32nh1yhtwBqofoKz3RG91nRsTJfHt1q9f7H
> etN2D1BRx8MHsTyetPNP8uEu7zLgieA4OXvJr0fAV3RHZFTZLE 1RKJF6SpdafCBc
> UzobDRWBNz31mF5GepLAgsfctTlmy3em336o65voVjdmRdKuTL FkLPIhCaEY7s92
> h3pnr3wyxH9KuP50s8wCjJYvD63wSfWbo7kCrsI+C9fqHQ4DTr YTNscioT+Gw8Os
> vXrWn3f3bH8PjbZSyNyw
> =l0bB
> -----END PGP SIGNATURE-----
>

Am 14.07.2012 17:23, schrieb Jesse Juhani Jaara:
> la, 2012-07-14 kello 18:22 +0300, Mantas MikulÄ—nas kirjoitti:
>> Which filesystem is your /usr using? Not all file systems support
>> storing capabilities... though the error might be caused by something
>> else, too.
>
> Ext4

This is getting weird. ext4 definitely supports file capabilities.

On 14-07-2012 16:23, Jesse Juhani Jaara wrote:
> la, 2012-07-14 kello 18:22 +0300, Mantas MikulÄ—nas kirjoitti:
>> Which filesystem is your /usr using? Not all file systems support
>> storing capabilities... though the error might be caused by something
>> else, too.
>
> Ext4
>

Is the partition mounted with nosuid?

--
Mauro Santos

la, 2012-07-14 kello 17:00 +0100, Mauro Santos kirjoitti:
> Is the partition mounted with nosuid?
Nope.