Inside our lxd containers, 2147483647 is too large a gid. That setting will silently fail to be applied (because of the "-" prefix in the config).
We can apply a smaller range inside containers, like 0-65534, but that just means that our default will not work, and if you launch a plucky container you will not have a working ping.

Smaller ranges work, and in fact, since the default ubuntu user is part of the adm group, gid 4 is the minimum we need (below, "p" is a plucky lxd container on a noble host):

ubuntu@p:~$ sudo getcap /usr/bin/ping
ubuntu@p:~$
ubuntu@p:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),104(lxd)
ubuntu@p:~$ sudo sysctl net.ipv4.ping_group_range="0 3"
net.ipv4.ping_group_range = 0 3
ubuntu@p:~$ ping 1
ping: socktype: SOCK_RAW
ping: socket: Operation not permitted
ping: => missing cap_net_raw+p capability or setuid?
ubuntu@p:~$ sudo sysctl net.ipv4.ping_group_range="0 4"
net.ipv4.ping_group_range = 0 4
ubuntu@p:~$ ping 1
PING 1 (0.0.0.1) 56(84) bytes of data.

--
https://bugs.launchpad.net/bugs/2089938
Title: iputils 3:20240905-1 doesn't work for unprivileged users
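The two checks discussed in the comment above, modelled as an added example (not part of the original message or of iputils): a range bound is only accepted if it has a mapping in the container's gid_map, and an unprivileged ICMP socket is only allowed if one of the process's gids lies inside the range. The gid_map value is constructed sample data for an unprivileged container, and all function names are hypothetical.

```python
# Added example: models the ping_group_range behaviour described above.
# SAMPLE_GID_MAP is constructed data (inside-start, outside-start, length),
# shaped like /proc/self/gid_map in an unprivileged container.
SAMPLE_GID_MAP = "0 1000000 1000000000\n"


def parse_gid_map(text):
    """Parse gid_map text into (inside_start, length) pairs."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            inside, _outside, length = (int(f) for f in fields)
            ranges.append((inside, length))
    return ranges


def gid_is_mapped(gid, ranges):
    """True if the gid exists inside this user namespace."""
    return any(start <= gid < start + length for start, length in ranges)


def range_is_settable(low, high, ranges):
    """A bound with no mapping in the namespace makes the sysctl write fail."""
    return gid_is_mapped(low, ranges) and gid_is_mapped(high, ranges)


def ping_socket_allowed(gids, low, high):
    """Allowed when any primary or supplementary gid is within [low, high]."""
    return any(low <= g <= high for g in gids)


def diagnose(gids, low, high, gid_map_text):
    """Classify a candidate range for a process with the given gids."""
    ranges = parse_gid_map(gid_map_text)
    if not range_is_settable(low, high, ranges):
        return "rejected"      # sysctl write fails; the "-" prefix hides the error
    if ping_socket_allowed(gids, low, high):
        return "ping ok"
    return "ping denied"       # ping falls back to SOCK_RAW, which needs cap_net_raw


if __name__ == "__main__":
    ubuntu_gids = [1000, 4, 24, 27, 30, 104]  # from the `id` output above
    for low, high in [(0, 2147483647), (0, 65534), (0, 3), (0, 4)]:
        print(f"{low} {high}: {diagnose(ubuntu_gids, low, high, SAMPLE_GID_MAP)}")
```

To check a live system, pass the contents of /proc/self/gid_map and the gids from os.getegid() and os.getgroups() instead of the sample values.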
