From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 03 Sep 2005 - 17:20:42 BST

• Previous message: Andreas John: "[Vserver] trivial question again: unable to get raw sockets"
• In reply to: Andreas John: "[Vserver] trivial question again: unable to get raw sockets"
• Next in thread: Kevin Pendleton: "Re: [Vserver] trivial question again: unable to get raw sockets"
• Reply: Kevin Pendleton: "Re: [Vserver] trivial question again: unable to get raw sockets"

On Sat, Sep 03, 2005 at 04:37:39PM +0200, Andreas John wrote:
> Hello!
>
> I frequently use mtr (a traceroute like util). In a guest it says:
>
> bastel:/# mtr www.yahoo.de
> mtr: unable to get raw sockets.

my crystal ball says that you forgot to set
the icmp_raw context capability ...

> I assume that it is generally forbidden by context to "get raw
> sockets" to prevent guests from doing nasty things? Is there a way to
> allow getting raw sockets? For special programs?

yes, you can add the CAP_NET_RAW capability
but that automatically allows guest root to
sniff on other network traffic ...

HTH,
Herbert

> rgds,
> Andreas John
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

• Previous message: Andreas John: "[Vserver] trivial question again: unable to get raw sockets"
• In reply to: Andreas John: "[Vserver] trivial question again: unable to get raw sockets"
• Next in thread: Kevin Pendleton: "Re: [Vserver] trivial question again: unable to get raw sockets"
• Reply: Kevin Pendleton: "Re: [Vserver] trivial question again: unable to get raw sockets"