Solved Raw sockets for unprivileged process in jail

Hello!

I've successfully set up net-mgmt/icinga2 in a jail. The service runs as the user icinga, which is unable to use ping.

From what I can gather, it's my understanding that allow.raw_sockets; allows the use of raw sockets for the root user of the jail only.

Is there a way to allow raw sockets for unprivileged users in a jail?

Thanks!
 
They are not allowed on the host for non-root (unless maybe special policy / MAC), but on "classic" Unix they are not allowed.
That's why ping is suid root.
 
Ah, I see.

Setting the setuid bit using chmod u+s ${JAIL_ROOT}/sbin/ping fixed it, thanks mate!
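
A check that can be run from the host after the chmod above, added here as an example and not part of the thread: it confirms that the jail's ping is a regular file owned by root, carries the setuid bit, and is not writable by group or others. The function name check_jail_ping and its optional owner argument are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_jail_ping and its optional
# OWNER argument are hypothetical names used for illustration.
# Usage: check_jail_ping JAIL_ROOT [OWNER]   (OWNER defaults to root)
check_jail_ping() {
    jail_root=$1
    owner=${2:-root}
    ping_bin="$jail_root/sbin/ping"

    # Must be a real file: a symlink could resolve somewhere unexpected.
    if [ ! -f "$ping_bin" ] || [ -L "$ping_bin" ]; then
        echo "missing-or-symlink"; return 1
    fi
    # The setuid bit grants the privileges of the file's owner, so the
    # owner has to be root for ping to be able to open a raw socket.
    if [ -z "$(find "$ping_bin" -prune -user "$owner")" ]; then
        echo "wrong-owner"; return 1
    fi
    # Setuid bit (octal 4000) must be set.
    if [ -z "$(find "$ping_bin" -prune -perm -4000)" ]; then
        echo "no-setuid"; return 1
    fi
    # A setuid binary that group or others can write to can be replaced
    # by an unprivileged user, so flag that case.
    if [ -n "$(find "$ping_bin" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "writable-by-non-owner"; return 1
    fi
    echo "ok"
}
```

Call it as check_jail_ping "${JAIL_ROOT}"; it prints ok and returns 0 only when all four conditions hold.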
 