[Touch-packages] [Bug 1703649] Re: Traceroute needs net_admin capability for unknown reason

Wed, 30 Jun 2021 13:37:08 -0700 

** Changed in: systemd (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1703649

Title:
  Traceroute needs net_admin capability for unknown reason

Status in systemd package in Ubuntu:
  Invalid
Status in traceroute package in Ubuntu:
  New

Bug description:
  With help of AppArmor on 17.04 and 17.10 I've discovered that
  traceroute needs net_admin capabilities.

  My plan is to update [0] AppArmor profile to fix various DENIED
  messages in syslog/audit for traceroute, though I am not sure about
  allowing, or denying, net_admin capability.

  Looks like traceroute tries to set SO_RCVBUFFORCE and SO_SNDBUFFORCE:

  setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_SNDBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)
  setsockopt(4, SOL_SOCKET, SO_RCVBUF, [8388608], 4) = 0
  setsockopt(4, SOL_SOCKET, SO_SNDBUFFORCE, [8388608], 4) = -1 EPERM (Operation 
not permitted)

  What is interesting, that traceroute developer does not recall
  changing these values [1]. On Debian Sid and OpenSuse Tumbleweed this
  issue does not reproduce either.

  Could it be some Ubuntu-specific patch in the works? It seems that
  traceroute works OK without net_admin...

  Thanks!

  [0] 
https://code.launchpad.net/~talkless/apparmor/fix_traceroute_tcp/+merge/326260
  [1] https://sourceforge.net/p/traceroute/mailman/message/35927818/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1703649/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to