author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-11-08 16:16:22 +0100 |
---|---|---|
committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-11-12 13:03:13 +0100 |
commit | 40f86227426ecfc8cfeed2e9a53e522806e395b6 (patch) | |
tree | 36fb4570c281e43b9de002e2bfc6667bc3e7ce15 /troubleshooting.md | |
parent | e75469ab99c48e9fbe2b36ade229d384bdea9144 (diff) | |
troubleshooting.md: add a recipe for rootless ping
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'troubleshooting.md')
-rw-r--r-- | troubleshooting.md | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md index db36d1bb8..9d99d5d89 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -69,3 +69,29 @@ communicate with a registry and not use tls verification. * Turn off tls verification by passing false to the tls-verification option. * I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest` --- +### 4) rootless containers cannot ping hosts + +When using the ping command from a non-root container, the command may +fail because of a lack of privileges. + +#### Symptom + +```console +$ podman run --rm fedora ping -W10 -c1 redhat.com +PING redhat.com (209.132.183.105): 56 data bytes + +--- redhat.com ping statistics --- +1 packets transmitted, 0 packets received, 100% packet loss +``` + +#### Solution + +It is most likely necessary to enable unprivileged pings on the host. +Be sure the UID of the user is part of the range in the +`/proc/sys/net/ipv4/ping_group_range` file. + +To change its value you can use something like: `sysctl -w +"net.ipv4.ping_group_range=0 2000000"`. + +To make the change persistent, you'll need to add a file in +`/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`. |
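Review bot: The Solution text describes `net.ipv4.ping_group_range` in terms of UIDs ("Be sure the UID of the user is part of the range", and `$MAX_UID` in the persistent example), but this sysctl is a range of group IDs. The reader should be told to check that one of the user's GIDs falls inside the range, and the placeholder should be renamed to something like `$MAX_GID`. The example value `0 2000000` also opens unprivileged ICMP sockets to every group in that span rather than only the rootless user's group, so I would suggest a range limited to the GID that needs it, or at least a sentence saying the range can be narrowed. It would also help to state that `sysctl -w` has to be run as root on the host, since the Symptom block is run as the unprivileged user.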