On Thu, Oct 14, 2004 at 03:22:08PM -0400, Gregory (Grisha) Trubetskoy wrote: > > I noticed that in vs 1.9.3 ping appears to work even without CAP_NET_RAW > (This is Fedora Core 2). > > Just curious, how's this possible?
we developed some kind of magic which allows to open raw ICMP sockets but forbids the other RAW sockets, in such way that it seems a little more secure ... removing the VXC_RAW_ICMP context capability will yield the old behaviour (without CAP_NET_RAW) HTH, Herbert > > Thanks! > > Grisha > _______________________________________________ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
