PrivateDevices=yes stops fping from working on Ubuntu 18.04

[trenta]

Affected Puppet, Ruby, OS and module versions/distributions

• Puppet: 6.4.2
• Ruby:
• Distribution:
• Module version: 6.7.0

How to reproduce (e.g Puppet code you use)

What are you seeing

All simple ICMP ping checks failing

What behaviour did you expect instead

Output log

fping failed: (null): can't create socket (must run as root?) : Permission denied

Any additional information you'd like to impart

This was found https://bugs.archlinux.org/task/60113

I understand that Ubuntu 18.04 isn't supported by this module yet though.

[grunt009]

Same issue here, use of NoNewPrivileges=no seems not to work and produces the same error. This also prevents use of ping in the web interface.

[luisgalang]

Hi, You should do two steps to get fping working in zabbix on Ubuntu 18.04:

• chmod ug+s /usr/bin/fping
• Comment the following line in /etc/systemd/system/zabbix-server.service

  PrivateDevices=yes

I guess template file from the repo should be updated (https://github.com/voxpupuli/puppet-zabbix/blob/master/templates/zabbix-server-systemd.init.erb) to comment that line.

[jordips]

Same issue here. We are using it with ubuntu 18.04. I don't know if it's really useful in this case... but this prevents zabbix to work properly using fping.

[Samgarr]

Also issue here. According to docs, PrivateDevices=yes implies NoNewPrivileges=yes, which prevent gaining pinger process setuid privileges or capabilities.

[xray-sky]

I found that simply changing PrivateTmp=yes to PrivateTmp=no was all that was needed to fix the fping failure on the zabbix server in 18.04. Be nice to get this addressed one way or another, though.

The proxies are working with fping on 18.04 as-is (or at least I'm not seeing the same errors in the proxy logs).