* I downloaded ubuntu-20.04-server-cloudimg-armhf.img from [1],
mounted it with using qemu-nbd and verified that ping has the
right capability: it does. However I'm not 100% sure that's
the image used to deploy the autopkgtest testbed systems.
* ping doesn't even need that one, provided that the GID
running ping is in this range:
Some more info on this bug:
* In >=Focal ping6 is a symlink to ping, so ping may fail
in the same way.
* ping gets the "raw socket" permissions it needs via a
capability:
$ getcap /usr/bin/ping
/usr/bin/ping cap_net_raw=ep
No need for suid bits.
* I downloaded ubuntu- 20.04-server- cloudimg- armhf.img from [1],
mounted it with using qemu-nbd and verified that ping has the
right capability: it does. However I'm not 100% sure that's
the image used to deploy the autopkgtest testbed systems.
* ping doesn't even need that one, provided that the GID
running ping is in this range:
sysctl net.ipv4. ping_group_ range ipv4.ping_ group_range = 0 2147483647
net.
Note: this also affects IPv6.
[1] https:/ /cloud- images. ubuntu. com/releases/ focal/release/