From 19718b09ca2f334ee79ac4c5e792d47fec7fd250 Mon Sep 17 00:00:00 2001
From: Petr Vorel
Date: Fri, 12 Jan 2024 17:18:31 +0100
Subject: [PATCH] setcap-setuid.sh: Add cap_net_admin for ping

Although since Linux kernel 5.17 it can be achieved also by cap_net_raw, it's still too new kernel to rely on that. But we should delete it in the future (there might be some distros, which still prefer to use raw socket and thus use capabilities, e.g. Debian [1] due supporting non-systemd init systems).
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008281#71
Link: https://github.com/iputils/iputils/issues/515
Reported-by: Jingzi Meng
Reviewed-by: Matthias Gerstner
Reviewed-by: Paul Donohue
Signed-off-by: Petr Vorel
---
 build-aux/setcap-setuid.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/build-aux/setcap-setuid.sh b/build-aux/setcap-setuid.sh
index 404974a9..5c79962d 100755
--- a/build-aux/setcap-setuid.sh
+++ b/build-aux/setcap-setuid.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright (c) Iputils Project, 2018-2021
+# Copyright (c) Iputils Project, 2018-2024
 # Meson install script to setcap or setuid to an executable.

 exec_path="$1/$2"
@@ -17,15 +17,23 @@ _log() {
 case "$perm_type" in
 caps)
 params="cap_net_raw+p"
+
 [ "$2" = "clockdiff" ] && params="cap_net_raw,cap_sys_nice+ep"
+
+ # cap_net_admin is needed for ping -m even on ICMP datagram socket
+ # (or cap_net_raw since Linux kernel 5.17).
+ [ "$2" = "ping" ] && params="cap_net_admin,cap_net_raw+p"
+
 _log "calling: $setcap $params $exec_path"
 "$setcap" $params "$exec_path"
 ;;
+
 setuid)
 _log "changing '$exec_path' to be setuid root executable"
 chown -v root "$exec_path"
 chmod -v u+s "$exec_path"
 ;;
+
 *)
 _log "unexpected argument: '$perm_type'"
 exit 1
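Review bot: The comment added above the `[ "$2" = "ping" ]` line explains why cap_net_admin is needed, but not how broad the grant is or when it should be removed. The capability covers much more network configuration than `ping -m` uses, and the commit message's intent to delete it later is not recorded in the script. I would extend the comment to something like `# TODO: drop cap_net_admin once kernels older than 5.17 are no longer supported; it is granted permitted-only (+p), so ping must raise it itself for -m.` The test is an exact match on the name `ping`, so a binary installed under a different name would presumably get only `cap_net_raw+p`; that is worth a word in the comment if it is intended. The `case` block is closed outside this hunk.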