aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2021-09-09 15:06:49 +0200
committerStefano Brivio <sbrivio@redhat.com>2021-09-09 15:40:04 +0200
commit089dec90ca99efdb09f56153d11cfae6c5b9b8f1 (patch)
treed45a84f202dd83a9a9881740221fafa9f7054edc
parent9d19f5bc7398710fa4a5dd7173a1f84879de988e (diff)
downloadpasst-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar.gz
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar.bz2
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar.lz
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar.xz
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.tar.zst
passt-089dec90ca99efdb09f56153d11cfae6c5b9b8f1.zip
pasta: Set ping_group_range upon namespace creation
...this allows processes running as the only group available in the namespace to create ICMP Echo sockets. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat
-rw-r--r--passt.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/passt.c b/passt.c
index 8bed7bb..dfd2f9d 100644
--- a/passt.c
+++ b/passt.c
@@ -216,6 +216,10 @@ static void pasta_start_ns(struct ctx *c)
write(fd, buf, strlen(buf));
close(fd);
+ fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY);
+ write(fd, "0 0", strlen("0 0"));
+ close(fd);
+
shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
if (strstr(shell, "/bash"))
execve(shell, ((char *[]) { shell, "-l", NULL }), environ);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 13:35:19 +0000