All it takes is setting /proc/sys/net/ipv4/ping_group_range to: 0 2147483647 and ping/traceroute should no longer require any privs. # echo '0 2147483647' > /proc/sys/net/ipv4/ping_group_range # su - maze Last login: Tue Mar 5 20:48:48 PST 2019 on pts/0 $ cp /usr/bin/ping ./ping $ ./ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.026 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.034 ms ^C --- 127.0.0.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 44ms rtt min/avg/max/mdev = 0.026/0.030/0.034/0.004 ms $ cp /usr/bin/traceroute ./traceroute $ ./traceroute 127.0.0.1 traceroute to 127.0.0.1 (127.0.0.1), 30 hops max, 60 byte packets 1 localhost (127.0.0.1) 0.024 ms 0.008 ms 0.006 ms
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
The sysctl change has been implemented by https://bugzilla.redhat.com/show_bug.cgi?id=1740809, but ping still has cap_net_raw and cap_net_admin capabilities. Jan, can you remove these from the spec file?
This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle. Changing version to 32.
https://src.fedoraproject.org/rpms/iputils/c/84948e9f8ffacd36875356f920533497a9d20e18?branch=master