Description of problem:
On a system with nfs root, ping fails unless the user is root.

Version-Release number of selected component (if applicable):
iputils-20101006-11.fc16

How reproducible:
Always

Steps to Reproduce:
1. Create a system with nfs root. (Alternatively nfs mount root to somewhere convenient)
2. As a non-privileged user, run /bin/ping <remote>. (or <alternate root>/bin/ping <remote>)

Actual results:
$ ping fs
ping: icmp open socket: Operation not permitted

Expected results:
successful ping

Additional info:
Running on the nfs client:

# rpm -V iputils
........P /bin/ping
........P /bin/ping6

shows that the capabilities of /bin/ping have changed. However on the nfs server if I chroot to the exported root and run rpm -V it passes.

Also (on the nfs client):

# getcap /bin/ping
Failed to get capabilities of file `/bin/ping' (Operation not supported)

The server is Fedora 14.

It seems that nfs does not support file capabilities and so the switch from suid ping to file capability cap_net_raw+ep breaks nfs root configurations.
This is easily reproducible and it is not necessary to have nfs root. It's enough to have e.g. a ping binary using file capabilities in an exported directory. I guess NFS really doesn't support file capabilities. There is nothing to do from the iputils point of view. This means iputils will not set suid by default. You can set suid manually as a workaround. I've added Steven Grubb to CC. He could put more details here.
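The check below is an added example, not part of the bug report or of iputils. It reads the security.capability xattr that getcap reads, separates "filesystem cannot store capabilities" (the ENOTSUP seen on the nfs client) from "none set", and reports whether the setuid workaround is in place. The function names are hypothetical; the xattr layout and constants are those of <linux/capability.h>.

```python
import errno
import os
import stat
import struct

CAP_NET_RAW = 13                    # bit number from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# number of 32-bit (permitted, inheritable) pairs stored by each xattr revision
PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}


def decode_file_caps(raw):
    """Decode a security.capability xattr into (permitted_mask, effective_flag)."""
    magic = int.from_bytes(raw[:4], "little")
    pairs = PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unrecognised security.capability value")
    permitted = 0
    for i in range(pairs):
        perm, _inheritable = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= perm << (32 * i)
    return permitted, bool(magic & VFS_CAP_FLAGS_EFFECTIVE)


def diagnose(path, getxattr=None, mode=None):
    """Say how an unprivileged user would get a raw socket from `path`."""
    getxattr = getxattr or os.getxattr      # injectable so it can be tested offline
    mode = os.stat(path).st_mode if mode is None else mode
    try:
        permitted, effective = decode_file_caps(getxattr(path, "security.capability"))
        if effective and permitted & (1 << CAP_NET_RAW):
            return "file capability cap_net_raw+ep"
        state = "capabilities set, but not cap_net_raw+ep"
    except OSError as e:
        if e.errno == errno.ENOTSUP:        # what getcap printed on the nfs client
            state = "filesystem cannot store file capabilities"
        elif e.errno == errno.ENODATA:      # xattrs work, none set on this file
            state = "no file capabilities set"
        else:
            raise
    if mode & stat.S_ISUID:
        return state + "; setuid bit is set"
    return state + "; not setuid, raw socket needs root"


if __name__ == "__main__":
    print(diagnose("/bin/ping") if os.path.exists("/bin/ping") else "no /bin/ping here")
```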
"NOTABUG"? I filed it here because it is the change to the iputils packaging which caused the lossage. "CANTFIX" or "WONTFIX" or re-attribute to nfs seems appropriate. "NOTABUG" implies "works as expected" which I don't think is the case.