Ping is failing in containers with 'ping: socket: Operation not permitted'

Really strange as a lot of these containers were created months ago and I’ve not seen these issues before.

Am running LXD V5.1

The host machine is running EL8.5 and the instances are running CentOS 8
Host has selinux disabled

I’ve worked around the issue by making the containers privileged. If I run ping as root inside the containers that also works. So it’s my unprivileged container users which have the issue.

I can’t see any logs indicating an issue…

Most likely either a setuid or fscap issue on the ping binary.
Can you try chmod u+s /sbin/ping or whatever path your ping binary is at?

Though that mostly assumes that the issue only happens as non-root users inside of the containers. If root has the same issue, then it’s something different and could be linked to some kind of kernel security feature on the host.

Yes ping works as root and the ping_group kernel setting is restrictive so I think that’s the root cause…

Thanks

Ah yeah, that could be it. I suspect the setuid workaround would likely work and is how ping was shipped in distros for a very long time (and so not particularly risky).
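
The following diagnostic is an added example, not part of the original thread. It checks, from inside a container, which of the three mechanisms discussed above would let a non-root user open ping's socket: the net.ipv4.ping_group_range sysctl (the "ping_group" setting mentioned above), the setuid bit, or a cap_net_raw file capability. The function names are hypothetical and only the user's primary gid is tested.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.

# True if GID lies inside a "LOW HIGH" ping_group_range value.
# The kernel default "1 0" is an empty range: no group may use ICMP datagram sockets.
gid_in_ping_range() {
    gid=$1
    set -- $2            # split on whitespace (the /proc file uses a tab)
    [ "$1" -le "$gid" ] && [ "$gid" -le "$2" ]
}

# True if the binary carries the setuid bit.
has_setuid() { [ -u "$1" ]; }

# True if the binary has cap_net_raw as a file capability (needs getcap from libcap).
has_net_raw_fcap() {
    command -v getcap >/dev/null 2>&1 || return 1
    getcap "$1" 2>/dev/null | grep -q 'cap_net_raw'
}

# Print every mechanism available for BINARY, GID and RANGE, or "none".
ping_mechanisms() {
    found=""
    gid_in_ping_range "$2" "$3" && found="$found ping_group_range"
    has_setuid "$1" && found="$found setuid"
    has_net_raw_fcap "$1" && found="$found fscap"
    [ -n "$found" ] || found=" none"
    echo "${found# }"
}

# Report for the current user; simplification: supplementary groups are not checked.
report() {
    bin=$(command -v ping || true)
    [ -n "$bin" ] || { echo "ping not found in PATH"; return 0; }
    range=$(cat /proc/sys/net/ipv4/ping_group_range 2>/dev/null || echo "1 0")
    echo "binary=$bin gid=$(id -g) ping_group_range=$range"
    echo "usable by this user via: $(ping_mechanisms "$bin" "$(id -g)" "$range")"
}

report
```

Run it as the affected non-root user inside the container; a result of "none" matches the "Operation not permitted" symptom, while root is unaffected because it can open the raw socket directly.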