Re: [CentOS] [External] Re: Ping as regular user not allowed (CentOS Stream 8)
On 20/01/2022 17:48, Robert Nichols wrote:
On 1/20/22 10:32 AM, Fabian Arrotin wrote:
On 19/01/2022 15:32, Toralf Lund wrote:
Following some update or the other (I think) on my CentOS Stream 8
system, I'm no longer able to use ping as a regular user; I get
$ ping
https://eur04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.centos.org%2Fdata=04%7C01%7Ctoralf.lund%40pgs.com%7C07eb6f60244843e98f7908d9dc34b549%7C51d05d6147e9480b93b298dc84f1ed06%7C0%7C0%7C637782942100118038%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=Fh6MVkDnXLWQl9ArUjqZQcfRfTwZG2bBWrQSNVmtsDo%3Dreserved=0
ping: socket: Operation not permitted
Does anyone else see this? It it a bug, or were the system/default
permissions deliberately changed? Can anyone suggest a
fix/workaround? Actually, I can find several different ones via a
simple web search, but they are generally related to other
distributions, I'm not quite sure which would be the most
appropriate for CentOS...
Thanks.
- Toralf
"sudo dnf downgrade iputils" should do it for now
it works when you're back on iputils-20180629-7.el8.x86_64
And then add:
excludepkgs=iputils-20180629-8.el8.x86_64
in the [baseos] section of /etc/yum/repos.d/CentOS-Stream-BaseOS.repo
Right. After downgrading, I have
$ rpm -q --queryformat '[%{FILENAMES} %{FILECAPS}\n]' iputils | grep
/usr/bin/ping
/usr/bin/ping = cap_net_admin,cap_net_raw+p
I guess this is what was changed in the new version? (Didn't check
before downgrading, to lazy to switch back to do it.)
What I don't quite understand is why the updated iputils was released
before the systemd/kernel changes others mention...
- Toralf
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/20/22 03:13, Simon Matter wrote: But seriously, this should be a warning how dangerous even the smallest bug in systemd can be. In this case it's absolutely harmless but it shows once more how domineering systemd became to be in the Linux ecosystem. A bit frightening for me. I don't think that's particularly justified. A change was made to remove the capability from the file and instead set a kernel parameter that allows users to ping based on their GID, in order to allow ping to work from rootless containers. Systemd's only involvement here is that it loads sysctls when the system boots, and those sysctl files are bundled in its RPM. https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/20/22 15:07, Johnny Hughes wrote: On 1/20/22 12:46, Johnny Hughes wrote: On 1/19/22 08:44, Brian Stinson wrote: On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807 We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build. I am doing a compose with this version of systemd in it right now. Should be released later today. ___ OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue. I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build. This version of systemd should be available in a couple hours on mirror.centos.org. OK .. to fix this issue until we get a build that fixes it: Edit /usr/lib/sysctl.d/50-default.conf take out the minus sign (-) in this line: -net.ipv4.ping_group_range = 0 2147483647 Thanks, Johnny Hughes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
The change to iputils should be read in context with this change to systemd: https://github.com/redhat-plumbers/systemd-rhel8/pull/246/files To me this reads like the intent is to remove the capabilities on the ping binary, while using another mechanism to allow non-root users to still use the ping utility. --Brian On Thu, Jan 20, 2022 at 3:57 PM Robby Callicotte via CentOS wrote: > > On Thursday, January 20, 2022 3:52:35 PM CST Leon Fauster via CentOS wrote: > > The change was intentional. So, this will stay ...? > > > > https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e1 > > 3a?branch=c8s > > If this is intentional, what is the reasoning behind it? This seems a bit > heavy handed no? > > -- > Robby Callicotte > He/Him/His > Timezone: America/Chicago > IRC: c4t3l | Twitter: @robbycl2v > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On Thursday, January 20, 2022 3:52:35 PM CST Leon Fauster via CentOS wrote: > The change was intentional. So, this will stay ...? > > https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e1 > 3a?branch=c8s If this is intentional, what is the reasoning behind it? This seems a bit heavy handed no? -- Robby Callicotte He/Him/His Timezone: America/Chicago IRC: c4t3l | Twitter: @robbycl2v ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
Am 20.01.22 um 22:07 schrieb Johnny Hughes: On 1/20/22 12:46, Johnny Hughes wrote: On 1/19/22 08:44, Brian Stinson wrote: On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807 We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build. I am doing a compose with this version of systemd in it right now. Should be released later today. ___ OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue. The change was intentional. So, this will stay ...? https://git.centos.org/rpms/iputils/c/efa64b5e05ccb2c1332304ad493acc874b61e13a?branch=c8s I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build. This version of systemd should be available in a couple hours on mirror.centos.org. Thanks, Johnny Hughes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Leon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/20/22 12:46, Johnny Hughes wrote: On 1/19/22 08:44, Brian Stinson wrote: On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807 We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build. I am doing a compose with this version of systemd in it right now. Should be released later today. ___ OK .. I am currently releasing an 8-stream compose with systemd-239-55.el8 .. but it does not fix this unpriv ping issue. I checked internally and it is also a problem on the rhel build for this systemd version, so not an issue introduced by the CentOS Stream build. This version of systemd should be available in a couple hours on mirror.centos.org. Thanks, Johnny Hughes ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/19/22 08:44, Brian Stinson wrote: On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos Folks interested in this issue can watch this bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2037807 We're waiting for systemd-239-55.el8 sources to show up after which we will build this and publish to CentOS Stream. Right now this appears to be an infrastructure issue and the appropriate folks are working on that, but we also want this package to pass the proper checks before we build. I am doing a compose with this version of systemd in it right now. Should be released later today. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] question hitrate log4j
Hallo, how many hits do you ve on your system. I ve hits from 0 to more than 50 depending on the function of the system (for example developer system or desktop of a secretary) Ralf Von meinem iPad gesendet ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 1/20/22 10:32 AM, Fabian Arrotin wrote: On 19/01/2022 15:32, Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf "sudo dnf downgrade iputils" should do it for now it works when you're back on iputils-20180629-7.el8.x86_64 And then add: excludepkgs=iputils-20180629-8.el8.x86_64 in the [baseos] section of /etc/yum/repos.d/CentOS-Stream-BaseOS.repo -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
On 19/01/2022 15:32, Toralf Lund wrote: Following some update or the other (I think) on my CentOS Stream 8 system, I'm no longer able to use ping as a regular user; I get $ ping www.centos.org ping: socket: Operation not permitted Does anyone else see this? It it a bug, or were the system/default permissions deliberately changed? Can anyone suggest a fix/workaround? Actually, I can find several different ones via a simple web search, but they are generally related to other distributions, I'm not quite sure which would be the most appropriate for CentOS... Thanks. - Toralf "sudo dnf downgrade iputils" should do it for now it works when you're back on iputils-20180629-7.el8.x86_64 -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab OpenPGP_signature Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] LUX repo
Hi List, does anyone use the lux repo. I needed perl-Mail-POP3Client-2.19-5.el7.noarch.rpm except for el8, it was in epel for el7 only place I found it was at repo.iotti.biz/CentOS/8/noarch/perl-Mail-POP3Client-2.19-1.el8.lux.noarch.rpm Thanks, Steve Email Confidentiality Notice: The information contained in this transmission may contain privileged and confidential and/or protected health information (PHI) and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA). This transmission is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, dissemination, distribution, printing or copying of this transmission is strictly prohibited and may subject you to criminal or civil penalties. If you have received this transmission in error, please contact the sender immediately and delete this email and any attachments from any computer. Vaso Corporation and its subsidiary companies are not responsible for data leaks that result from email messages received that contain privileged and confidential and/or protected health information (PHI). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Ping as regular user not allowed (CentOS Stream 8)
> Am 19.01.22 um 15:44 schrieb Brian Stinson: >> On Wed, Jan 19, 2022 at 8:33 AM Toralf Lund wrote: >>> >>> Following some update or the other (I think) on my CentOS Stream 8 >>> system, I'm no longer able to use ping as a regular user; I get >>> >>> $ ping www.centos.org >>> ping: socket: Operation not permitted >>> >>> Does anyone else see this? It it a bug, or were the system/default >>> permissions deliberately changed? Can anyone suggest a fix/workaround? >>> Actually, I can find several different ones via a simple web search, >>> but >>> they are generally related to other distributions, I'm not quite sure >>> which would be the most appropriate for CentOS... >>> > > > I also noticed this "change". > > >> >> Folks interested in this issue can watch this bugzilla: >> https://bugzilla.redhat.com/show_bug.cgi?id=2037807 >> >> We're waiting for systemd-239-55.el8 sources to show up after which we >> will build this and publish to CentOS Stream. Right now this appears >> to be an infrastructure issue and the appropriate folks are working on >> that, but we also want this package to pass the proper checks before >> we build. >> > > > Is this a regression of the last systemd update? Yes, systemd, this new operating system which still lacks a kernel ;-) But seriously, this should be a warning how dangerous even the smallest bug in systemd can be. In this case it's absolutely harmless but it shows once more how domineering systemd became to be in the Linux ecosystem. A bit frightening for me. Regards, Simon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
