Unable to ping on ArchLinux with kernel 5.15.22-1-lts

Hello,

The host is running ArchLinux and the kernel is 5.15.22-1-lts. The container is also running ArchLinux.

Inside the container the root user is able to ping, but any normal user can no longer ping.

$ lxc exec scanner bash
[root@scanner ~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=10.7 ms
^C
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 10.707/10.707/10.707/0.000 ms
[root@scanner ~]# su - paperless
[paperless@scanner ~]$ ping 8.8.8.8
[paperless@scanner ~]$

Thanks

systemd also doesn't work for a non-root user:

$ systemctl --user status brscan-skey.service
Failed to connect to bus: No medium found

Even after downgrading the kernel this issue persists.

# cat /var/snap/lxd/common/lxd/logs/scanner/lxc.log
lxc scanner 20220214022413.103 WARN     conf - conf.c:lxc_map_ids:3588 - newuidmap binary is missing
lxc scanner 20220214022413.103 WARN     conf - conf.c:lxc_map_ids:3594 - newgidmap binary is missing
lxc scanner 20220214022413.104 WARN     conf - conf.c:lxc_map_ids:3588 - newuidmap binary is missing
lxc scanner 20220214022413.104 WARN     conf - conf.c:lxc_map_ids:3594 - newgidmap binary is missing
lxc scanner 20220214022438.219 WARN     attach - attach.c:get_attach_context:477 - No security context received
lxc scanner 20220214022438.222 WARN     conf - conf.c:lxc_map_ids:3588 - newuidmap binary is missing
lxc scanner 20220214022438.222 WARN     conf - conf.c:lxc_map_ids:3594 - newgidmap binary is missing

@stgraber ArchLinux images broken at the moment (LXD 2.42)?

Not sure about the dbus thing but for ping, the issue appears to be a missing filesystem capability.

Manually applying setcap cap_net_raw=ep /usr/sbin/ping seems to fix it here.

@monstermunchkin can you look into that one? I’d have expected the archlinux image build logic to either set the capability or have the file setuid so ping works. I don’t know if it’s something that failed when the package got installed or if there’s a problem with distrobuilder not properly keeping fscaps.
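To check the two mechanisms mentioned in the reply above (a setuid bit or a cap_net_raw file capability on ping), the following added example, which is not part of the original thread and not LXD or distrobuilder code, decodes the `security.capability` xattr directly instead of relying on `getcap` being installed. The function names are hypothetical; the byte layout follows the kernel's `struct vfs_cap_data`, including the revision 3 form that carries a namespace root uid.

```python
import os
import stat
import struct
import sys

CAP_NET_RAW = 13                      # bit index, linux/capability.h
EFFECTIVE_FLAG = 0x000001             # VFS_CAP_FLAGS_EFFECTIVE
# revision -> (number of 32-bit permitted/inheritable pairs, has rootid field)
REVISIONS = {0x01000000: (1, False), 0x02000000: (2, False), 0x03000000: (2, True)}


def parse_fscaps(raw):
    """Decode a security.capability xattr (struct vfs_cap_data / vfs_ns_cap_data)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw, 0)
    layout = REVISIONS.get(magic & 0xFF000000)
    if layout is None:
        raise ValueError("unknown fscaps revision")
    words, has_rootid = layout
    if len(raw) != 4 + 8 * words + (4 if has_rootid else 0):
        raise ValueError("xattr length does not match revision")
    permitted = inheritable = 0
    for i in range(words):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * words)[0] if has_rootid else None
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic & EFFECTIVE_FLAG), "rootid": rootid}


def raw_socket_source(mode, uid, xattr):
    """Say how a binary gets CAP_NET_RAW for non-root users: 'setuid', 'fscap' or None."""
    if mode & stat.S_ISUID and uid == 0:
        return "setuid"
    if xattr:
        caps = parse_fscaps(xattr)
        if caps["effective"] and (caps["permitted"] >> CAP_NET_RAW) & 1:
            return "fscap"
    return None


def check(path):
    st = os.stat(path)
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:                   # ENODATA/ENOTSUP: no file capabilities readable
        xattr = None
    return raw_socket_source(st.st_mode, st.st_uid, xattr)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin/ping"
    print(target, "->", check(target) or "no setuid bit and no cap_net_raw")
```

Run inside the container against the ping binary; a result of neither `setuid` nor `fscap` matches the state described in the thread before `setcap` was applied.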

@monstermunchkin I have the same issue on other instances of LXD, so this looks like an archlinux image issue.