On 07/14/12 11:02, Mantas Mikulėnas wrote:
> getfattr -d -m "-" ping
I've already run setcap, but
graton% getfattr -d -m "-" $(which ping)
getfattr: Removing leading '/' from absolute path names
# file: usr/bin/ping
security.capability=0sAQAAAgAg
On 07/14/12 09:35, Mauro Santos wrote:
> dumpe2fs -h
That yields:
graton% sudo dumpe2fs -h /dev/sda3
dumpe2fs 1.42.4 (12-June-2012)
Filesystem volume name:
Last mounted on: /
Filesystem UUID: a7f84383-2cc2-4d70-adb5-3bf909a3f99b
On 07/14/12 09:00, Mauro Santos wrote:
> On 14-07-2012 16:23, Jesse Juhani Jaara wrote:
>> On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
>>> Which filesystem is your /usr using? Not all file systems
>>> support storing capabilities... t
On 07/14/12 09:05, Thomas Bächler wrote:
> On 14.07.2012 17:47, Thomas Bächler wrote:
>> On 14.07.2012 17:23, Jesse Juhani Jaara wrote:
>>> On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
Which filesystem is your /usr using? Not
On 07/14/12 08:22, Mantas Mikulėnas wrote:
> On Sat, Jul 14, 2012 at 6:13 PM, Jesse Juhani Jaara
> wrote:
>> Running "sudo setcap cap_net_raw+ep /usr/bin/ping" manually
>> results in the same (Operation not supported) error.
>
> Which filesystem is
On 07/14/12 08:06, Thomas Bächler wrote:
> setcap cap_net_raw=ep /usr/bin/ping
I have no idea how I broke it either, but this definitely fixed it.
Thanks!
- --
David Benfell
benf...@parts-unknown.org
On 14-07-2012 19:02, Mantas Mikulėnas wrote:
> On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
> wrote:
>> I'm not sure if mounting with nouser_xattr might have some influence.
>
> Unlikely. As you noted below, the capabilities are stored in
> security.* namespace, while `user_xattr` only affects t
On Sat, Jul 14, 2012 at 7:35 PM, Mauro Santos
wrote:
> I'm not sure if mounting with nouser_xattr might have some influence.
Unlikely. As you noted below, the capabilities are stored in
security.* namespace, while `user_xattr` only affects the user.*
namespace.
> One funny thing is that 'man cap
On 14.07.2012 18:58, Jesse Juhani Jaara wrote:
> I enabled the Security labels on the kernel and it is working fine now. The
> kernel config's help message isn't very clear, as it starts by referring to
> SELinux and other security modules (AppArmor, TOMOYO...)
Yes, that message was written before Linux
On Sat, 2012-07-14 at 18:38 +0200, Thomas Bächler wrote:
> > Actually yes, and a highly stripped down one..
> > Taking a look at the kernel config it seems I have disabled 'Security
> > labels' on ext4 module. Could this be the reason?
> I think so, yes.
I enabled the Security labels on the kerne
On 14.07.2012 18:26, Jesse Juhani Jaara wrote:
> On Sat, 2012-07-14 at 18:05 +0200, Thomas Bächler wrote:
>> Custom kernel maybe?
>
> Actually yes, and a highly stripped down one..
> Taking a look at the kernel config it seems I have disabled 'Security
> labels' on ext4 module. Could this be th
On 14-07-2012 17:03, Jesse Juhani Jaara wrote:
> On Sat, 2012-07-14 at 17:00 +0100, Mauro Santos wrote:
>> Is the partition mounted with nosuid?
> Nope.
>
>
Jumped the gun too fast, after reading a bit of the man pages I'd say
extended attributes might be to blame.
The output of 'dumpe2fs -h
On Sat, 2012-07-14 at 18:05 +0200, Thomas Bächler wrote:
> Custom kernel maybe?
Actually yes, and a highly stripped down one..
Taking a look at the kernel config it seems I have disabled 'Security
labels' on ext4 module. Could this be the reason?
On 14.07.2012 17:47, Thomas Bächler wrote:
> On 14.07.2012 17:23, Jesse Juhani Jaara wrote:
>> On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
>>> Which filesystem is your /usr using? Not all file systems support
>>> storing capabilities... though the error might be caused by some
On Sat, 2012-07-14 at 17:00 +0100, Mauro Santos wrote:
> Is the partition mounted with nosuid?
Nope.
On 14-07-2012 16:23, Jesse Juhani Jaara wrote:
> On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
>> Which filesystem is your /usr using? Not all file systems support
>> storing capabilities... though the error might be caused by something
>> else, too.
>
> Ext4
>
Is the partition m
On 14.07.2012 17:23, Jesse Juhani Jaara wrote:
> On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
>> Which filesystem is your /usr using? Not all file systems support
>> storing capabilities... though the error might be caused by something
>> else, too.
>
> Ext4
This is getting wei
Ping requires/uses setuid. Probably, the new update was not compiled
properly.
On 14-Jul-2012 8:27 PM, "David Benfell" wrote:
> Hey all,
>
> Did I miss something? I now have to use sudo in order to ping:
>
> graton% ping 10.1.0.1
> ping: icmp op
On Sat, 2012-07-14 at 18:22 +0300, Mantas Mikulėnas wrote:
> Which filesystem is your /usr using? Not all file systems support
> storing capabilities... though the error might be caused by something
> else, too.
Ext4
On Sat, Jul 14, 2012 at 6:13 PM, Jesse Juhani Jaara
wrote:
> Running "sudo setcap cap_net_raw+ep /usr/bin/ping" manually results in
> the same (Operation not supported) error.
Which filesystem is your /usr using? Not all file systems support
storing capabilities... though the error might be cause
On Sat, 2012-07-14 at 18:07 +0300, Mantas Mikulėnas wrote:
> `/usr/bin/ping` and `ping6` must be either setuid-root (chmod u+s) or
> have the CAP_NET_RAW capability (setcap cap_net_raw+ep). The Arch
> `iputils` package normally runs `setcap` in its post-install
> script[2].
I just updated my sy
On Sat, Jul 14, 2012 at 5:45 PM, David Benfell
wrote:
> Did I miss something? I now have to use sudo in order to ping:
>
> graton% ping 10.1.0.1
> ping: icmp open socket: Operation not permitted
Crafting ICMP packets requires root privileges, yes. (I vaguely
remember Linux adding a separate socke
On 14.07.2012 16:45, David Benfell wrote:
> Hey all,
>
> Did I miss something? I now have to use sudo in order to ping:
No idea how you broke this, but this should fix it:
setcap cap_net_raw=ep /usr/bin/ping
Hey all,
Did I miss something? I now have to use sudo in order to ping:
graton% ping 10.1.0.1
ping: icmp open socket: Operation not permitted
graton% sudo ping 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_req=1