From 089dec90ca99efdb09f56153d11cfae6c5b9b8f1 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Thu, 9 Sep 2021 15:06:49 +0200
Subject: pasta: Set ping_group_range upon namespace creation
...this allows processes running as the only group available in the namespace to create ICMP Echo sockets.
Signed-off-by: Stefano Brivio
---
 passt.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'passt.c')
diff --git a/passt.c b/passt.c
index 8bed7bb..dfd2f9d 100644
--- a/passt.c
+++ b/passt.c
@@ -216,6 +216,10 @@ static void pasta_start_ns(struct ctx *c)
 write(fd, buf, strlen(buf));
 close(fd);
+ fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY);
+ write(fd, "0 0", strlen("0 0"));
+ close(fd);
+
 shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
 if (strstr(shell, "/bash"))
 execve(shell, ((char *[]) { shell, "-l", NULL }), environ);
-- cgit v1.2.3
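Review bot: The result of `open()` on `/proc/sys/net/ipv4/ping_group_range` is never checked in the added lines, so when the sysctl is absent or not writable in the new namespace, `write()` and `close()` are called on -1 and the failure is silent: ICMP Echo sockets stay unavailable with nothing pointing at the cause. I would guard it, e.g. `if (fd < 0 || write(fd, "0 0", strlen("0 0")) < 0) perror("ping_group_range");` followed by `if (fd >= 0) close(fd);`, using whatever reporting the rest of the file uses. A short comment such as `/* Allow GID 0, the only group mapped in this namespace, to open ICMP Echo sockets */` would also record why the range is "0 0"; that only GID 0 is mapped is taken from the commit message, since the gid_map contents are built outside the hunk. `pasta_start_ns()` starts and ends outside the hunk, and the context lines above it use the same unchecked pattern.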