diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-11-12 09:57:33 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-12 09:57:33 -0800 |
| commit | 51a1b85fb52721eb5dc2f7847b00f0b0ed811cef (patch) | |
| tree | e1f0308d14af0c1a98a256150b8351b6e9b30da2 | |
| parent | d2f2c56aaafbb699dd28141967ce15faf38ac337 (diff) | |
| parent | 40f86227426ecfc8cfeed2e9a53e522806e395b6 (diff) | |
| download | podman-51a1b85fb52721eb5dc2f7847b00f0b0ed811cef.tar.gz podman-51a1b85fb52721eb5dc2f7847b00f0b0ed811cef.tar.bz2 podman-51a1b85fb52721eb5dc2f7847b00f0b0ed811cef.zip | |
Merge pull request #1779 from giuseppe/troubleshoot-unprivileged-ping
troubleshooting.md: add a recipe for rootless ping
| -rw-r--r-- | troubleshooting.md | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md index db36d1bb8..9d99d5d89 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -69,3 +69,29 @@ communicate with a registry and not use tls verification. * Turn off tls verification by passing false to the tls-verification option. * I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest` --- +### 4) rootless containers cannot ping hosts + +When using the ping command from a non-root container, the command may +fail because of a lack of privileges. + +#### Symptom + +```console +$ podman run --rm fedora ping -W10 -c1 redhat.com +PING redhat.com (209.132.183.105): 56 data bytes + +--- redhat.com ping statistics --- +1 packets transmitted, 0 packets received, 100% packet loss +``` + +#### Solution + +It is most likely necessary to enable unprivileged pings on the host. +Be sure the UID of the user is part of the range in the +`/proc/sys/net/ipv4/ping_group_range` file. + +To change its value you can use something like: `sysctl -w +"net.ipv4.ping_group_range=0 2000000"`. + +To make the change persistent, you'll need to add a file in +`/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`. |