iputils-ping 20150815 fails inside containers because socket(PF_INET, SOCK_DGRAM, IPPROTO_ICMP) is restricted by vz_security_protocol_check()
The patch enables creation of such sockets inside containers. By default sys_socket still fails because default setting of sysctl net.ipv4.ping_group_range, however it's enough for iputils-ping 20150815. its fallback handles this situation and successfully creates RAW socket. According to ptikhomirov@ this sysctl will be enabled inside conaintes soon, and in future it will be saved/restored by criu. https://bugs.openvz.org/browse/OVZ-6744 Signed-off-by: Vasily Averin <[email protected]>
_______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
