dyne / dynebolic-upstream

dyne:bolic is a nomadic operating system, 100% Free, based on GNU/Linux
http://dynebolic.org

network permissions: allow user icmp access by default #23

Closed adam-burns closed 5 months ago

adam-burns commented 5 months ago

Under the dyneIV-20240116.iso image, the default user dyne has no access to use ping over network interfaces, i.e.:

```
dyne@dynebolic:~$ ping dyne.org
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?
```

Possible run time fix:

```
echo 'net.ipv4.ping_group_range = 0 2147483647' > /etc/sysctl.d/99-user-ping.conf
sysctl -p /etc/sysctl.d/99-user-ping.conf
```

However, TBH, this could be best solved at build time, as some non-root system processes use ICMP ping to check availability of network resources (e.g. NetworkManager, etc.).
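A way to check what `net.ipv4.ping_group_range` permits for a given user, as an added example that is not part of the original issue or the dyne:bolic build. The function names are hypothetical; it assumes a Linux `/proc` and relies on the kernel default `1 0` being an empty range and on the kernel matching the range against the process's effective and supplementary group IDs.

```shell
#!/bin/sh
# Added example (hypothetical helper names): does ping_group_range let a
# user open unprivileged ICMP echo sockets, which ping needs when it has
# neither cap_net_raw nor setuid?

# range_allows_gid "MIN MAX" GID -> exit 0 if MIN <= GID <= MAX.
# The kernel default "1 0" is an empty range, so it allows nobody.
range_allows_gid() {
    set -- $1 "$2"                  # split range on whitespace (procfs uses a tab)
    [ "$#" -eq 3 ] || return 2      # malformed range
    min=$1 max=$2 gid=$3
    [ "$gid" -ge "$min" ] 2>/dev/null && [ "$gid" -le "$max" ] 2>/dev/null
}

# user_can_ping "MIN MAX" [USER] -> exit 0 if any group of USER (or of the
# current process when USER is empty) falls inside the range.
user_can_ping() {
    for g in $(id -G ${2:+"$2"}); do
        range_allows_gid "$1" "$g" && return 0
    done
    return 1
}

# report [USER]: read the live setting and print a verdict.
report() {
    user=${1:-$(id -un 2>/dev/null)}
    range=$(cat /proc/sys/net/ipv4/ping_group_range 2>/dev/null) || {
        echo "ping_group_range not available on this kernel"; return 2; }
    if user_can_ping "$range" "$user"; then
        echo "${user:-current user}: ICMP echo sockets allowed (range: $range)"
    else
        echo "${user:-current user}: ICMP echo sockets denied (range: $range)"
    fi
}

# Run as: sh check-ping-range.sh --report [USER]
if [ "${1:-}" = "--report" ]; then
    report "${2:-}"
fi
```

The same functions can be pointed at a narrower range (for example a single dedicated group) to confirm which accounts it would cover before writing it to `/etc/sysctl.d/`.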

adam-burns commented 5 months ago

implemented in 78e6636

Sakrecoer commented 5 months ago

> implemented in https://github.com/dyne/dynebolic/commit/78e6636e321400221d11ea723f9d8242d04e5800

wouldn't it be this? https://github.com/dyne/dynebolic/commit/38cb42addff546e2f728f2fb680f2494add4f532

sorry if st00pid question, just trying to wrap my head around it :sweat_smile: