From Fedora Project Wiki
No edit summary
(Fill out the scope)
Line 90: Line 90:


== Scope ==
== Scope ==
* Proposal owners:
* Proposal owners: Enable <code>net.ipv4.ping_group_range</code> by adding it to one of the files shipped by the sytemd RPM in <code>/usr/lib/sysctl.d</code> or by creating a new file shipped by the podman or toolbox RPMs. [https://github.com/systemd/systemd/pull/13141 Here] is an upstream pull request against systemd.
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
Enable <code>net.ipv4.ping_group_range</code> by adding it to one of the files shipped by the sytemd RPM in <code>/usr/lib/sysctl.d</code> or by creating a new file shipped by the podman or toolbox RPMs.


* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Other developers: Depending on which exact RPM will ship the <code>sysctl</code> snippet, the relevant package or upstream maintainer would need to review the change.<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
<!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->


Revision as of 14:40, 23 July 2019


Enable net.ipv4.ping_group_range in the kernel

Summary

Enable the Linux kernel's net.ipv4.ping_group_range parameter to cover all groups. This will let all users on the operating system create ICMP Echo sockets without using setuid binaries, or having the CAP_NET_ADMIN and CAP_NET_RAW file capabilities.

Owner

Current status

  • Targeted release: Fedora 31
  • Last updated: 2019-07-23
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

Benefit to Fedora

Scope

  • Proposal owners: Enable net.ipv4.ping_group_range by adding it to one of the files shipped by the sytemd RPM in /usr/lib/sysctl.d or by creating a new file shipped by the podman or toolbox RPMs. Here is an upstream pull request against systemd.
  • Other developers: Depending on which exact RPM will ship the sysctl snippet, the relevant package or upstream maintainer would need to review the change.
  • Release engineering: N/A (not needed for this Change)
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Systems with a previous version of Fedora won't need manual intervention. They will inherit this change when updated.

How To Test

N/A (not a System Wide Change)

User Experience

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No
  • Blocks product? product

Documentation

N/A (not a System Wide Change)

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/EnableSysctlPingGroupRange&oldid=548545"