pasta: Set ping_group_range upon namespace creation
...this allows processes running as the only group available in the namespace to create ICMP Echo sockets. Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
parent
9d19f5bc73
commit
089dec90ca
1 changed files with 4 additions and 0 deletions
4
passt.c
4
passt.c
|
@ -216,6 +216,10 @@ static void pasta_start_ns(struct ctx *c)
|
||||||
write(fd, buf, strlen(buf));
|
write(fd, buf, strlen(buf));
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
|
fd = open("/proc/sys/net/ipv4/ping_group_range", O_WRONLY);
|
||||||
|
write(fd, "0 0", strlen("0 0"));
|
||||||
|
close(fd);
|
||||||
|
|
||||||
shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
|
shell = getenv("SHELL") ? getenv("SHELL") : "/bin/sh";
|
||||||
if (strstr(shell, "/bash"))
|
if (strstr(shell, "/bash"))
|
||||||
execve(shell, ((char *[]) { shell, "-l", NULL }), environ);
|
execve(shell, ((char *[]) { shell, "-l", NULL }), environ);
|
||||||
|
|
Loading…
Reference in a new issue