Simon Josefsson <[email protected]> wrote:

> Simon Josefsson <[email protected]> writes:
>
>> I noticed Guix installs ping and ping6 from inetutils with the setuid
>> bit enabled. There is new support for non-setuid usage in this release,
>> however I was not able to get it to work. Comparing with iputils' ping
>> it looks like what we have might not be sufficient, but I can't tell for
>> sure.
>
> I was able to get non-root inetutils-ping to work like this:
>
> jas@latte:~/src/inetutils/ping$ sudo setcap cap_net_raw+ep ping
> jas@latte:~/src/inetutils/ping$ ./ping 192.168.1.2
> PING 192.168.1.2 (192.168.1.2): 56 data bytes
> 64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0,432 ms
> 64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0,479 ms
>
> Would this level of support allow guix to make ping/ping6 non-setuid?

Ah no. Well I guess that, in addition to the ‘setuid-programs’ field, we could provide a more fine-grained list of programs with specific capabilities, but that doesn’t exist yet.

Ludo’.
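
Added example, not part of the original messages: the `setcap cap_net_raw+ep ping` command quoted above stores a `security.capability` extended attribute on the file. The Python sketch below decodes that attribute and reports whether a binary gets its privilege from the setuid bit or from file capabilities; the function names and the sample bytes are constructed for illustration.

```python
import os
import stat
import struct

# Constants from linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs; revision 3
# appends a rootid field, which this decoder ignores
REVISION_WORDS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin"}  # subset

def cap_names(mask):
    """Turn a capability bitmask into a list of names."""
    return [CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if mask >> b & 1]

def decode_file_caps(blob):
    """Decode a security.capability xattr value into its capability sets."""
    if len(blob) < 4:
        raise ValueError("truncated capability xattr")
    (magic,) = struct.unpack_from("<I", blob, 0)
    words = REVISION_WORDS.get(magic & VFS_CAP_REVISION_MASK)
    if words is None:
        raise ValueError("unknown capability revision 0x%08x" % magic)
    if len(blob) < 4 + 8 * words:
        raise ValueError("truncated capability xattr")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", blob, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
            "permitted": cap_names(permitted),
            "inheritable": cap_names(inheritable)}

def classify(path):
    """Report the setuid bit and any file capabilities set on path."""
    st = os.stat(path)
    info = {"setuid": bool(st.st_mode & stat.S_ISUID), "owner_uid": st.st_uid, "caps": None}
    try:
        info["caps"] = decode_file_caps(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):
        pass  # no capability xattr, no xattr support, or no os.getxattr here
    return info

# Constructed sample: a revision-2 value granting cap_net_raw in the permitted
# set with the effective flag, i.e. what "cap_net_raw+ep" describes
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000000 | VFS_CAP_FLAGS_EFFECTIVE, 1 << 13, 0, 0, 0)

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE_XATTR))
```

Running `classify()` over the installed ping binaries shows which of the two mechanisms is in use: a setuid-root ping reports `setuid: True` with `owner_uid: 0`, while the `setcap` variant reports only `cap_net_raw`.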
