From Fedora Project Wiki
< Changes
Enable net.ipv4.ping_group_range in the kernel
Summary
Enable the Linux kernel's net.ipv4.ping_group_range parameter to cover all groups. This will let all users on the operating system create ICMP Echo sockets without using setuid binaries, or having the CAP_NET_ADMIN and CAP_NET_RAW file capabilities.
Owner
- Name: Debarshi Ray
- Email: debarshir@redhat.com
Current status
- Targeted release: Fedora 31
- Last updated: 2019-07-23
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Benefit to Fedora
Scope
- Proposal owners: Enable
net.ipv4.ping_group_rangeby adding it to one of the files shipped by the sytemd RPM in/usr/lib/sysctl.dor by creating a new file shipped by the podman or toolbox RPMs. Here is an upstream pull request against systemd.
- Other developers: Depending on which exact RPM will ship the
sysctlsnippet, the relevant package or upstream maintainer would need to review the change.
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Systems with a previous version of Fedora won't need manual intervention. They will inherit this change when updated.
How To Test
N/A (not a System Wide Change)
User Experience
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
N/A (not a System Wide Change)