About net_admin: Christian Boltz suggested that [0]: > I'd like to avoid it"
Abuout Debian/Ubuntu: > I suspect that traceroute does just the same on Debian *but* some AppArmor > mediation only supported in the Ubuntu kernel blocks it there. Maybe.. though `strace` does not show these calls on Debian at all. It does not even try to apply these SO_RCVBUFFORCE/SO_SNDBUFFORCE options at all: # strace -e setsockopt traceroute -T google.com >/dev/null setsockopt(3, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0 setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0 setsockopt(3, SOL_IP, IP_RECVTTL, [1], 4) = 0 setsockopt(3, SOL_IP, IP_RECVERR, [1], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [1], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [2], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [3], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [4], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [5], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [6], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [7], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [8], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [9], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [10], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [11], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [12], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [13], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [14], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [15], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [16], 4) = 0 setsockopt(3, SOL_IP, IP_TTL, [17], 4) = 0 Maybe I should ask traceroute upstream developers about that..? [0] https://lists.ubuntu.com/archives/apparmor/2017-June/010785.html -- https://code.launchpad.net/~talkless/apparmor/fix_traceroute_tcp/+merge/326260 Your team AppArmor Developers is requested to review the proposed merge of lp:~talkless/apparmor/fix_traceroute_tcp into lp:apparmor. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
