On Sat, Sep 03, 2005 at 04:37:39PM +0200, Andreas John wrote: > Hello! > > I frequently use mtr (a traceroute like util). In a guest it says: > > bastel:/# mtr www.yahoo.de > mtr: unable to get raw sockets.
my crystal ball says that you forgot to set the icmp_raw context capability ... > I assume that it is generally forbidden by context to "get raw > sockets" to prevent guests from doing nasty things? Is there a way to > allow getting raw sockets? For special programs? yes, you can add the CAP_NET_RAW capability but that automatically allows guest root to sniff on other network traffic ... HTH, Herbert > rgds, > Andreas John > > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
