setcap-setuid.sh: Add cap_net_admin for ping

Although since Linux kernel 5.17 it can be achieved also by cap_net_raw, it's still too new kernel to rely on that. But we should delete it in the future (there might be some distros, which still prefer to use raw socket and thus use capabilities, e.g. Debian [1] due supporting non-systemd init systems). [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008281#71 Link: iputils#515 Reported-by: Jingzi Meng <mengjingzi18@foxmail.com> Reviewed-by: Matthias Gerstner <matthias.gerstner@suse.com> Reviewed-by: Paul Donohue <git@PaulSD.com> Signed-off-by: Petr Vorel <pvorel@suse.cz>
pevik · Jan 22, 2024 · 19718b0 · 19718b0
1 parent 8372f35
commit 19718b0
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/build-aux/setcap-setuid.sh b/build-aux/setcap-setuid.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright (c) Iputils Project, 2018-2021
+# Copyright (c) Iputils Project, 2018-2024
 # Meson install script to setcap or setuid to an executable.
 
 exec_path="$1/$2"
@@ -17,15 +17,23 @@ _log() {
 case "$perm_type" in
 	caps)
 		params="cap_net_raw+p"
+
 		[ "$2" = "clockdiff" ] && params="cap_net_raw,cap_sys_nice+ep"
+
+		# cap_net_admin is needed for ping -m even on ICMP datagram socket
+		# (or cap_net_raw since Linux kernel 5.17).
+		[ "$2" = "ping" ] && params="cap_net_admin,cap_net_raw+p"
+
 		_log "calling: $setcap $params $exec_path"
 		"$setcap" $params "$exec_path"
 	;;
+
 	setuid)
 		_log "changing '$exec_path' to be setuid root executable"
 		chown -v root "$exec_path"
 		chmod -v u+s "$exec_path"
 	;;
+
 	*)
 		_log "unexpected argument: '$perm_type'"
 		exit 1