SturmFlut | I am building an app for Ubuntu Touch which makes use of an unprivileged ICMP socket. The call socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) works on my phone (Nexus 4, Ubuntu Touch r14, Kernel 3.4.0-5-mako), but returns EACCES on my Desktop (Vivid, Kernel 3.18.0-9-generic). I already checked that the 3.18.0-9-generic kernel contains the necessary code for unprivileged ICMP sockets and there are no AppArmor | 01:14 |
---|---|---|
SturmFlut | violations on the Desktop. | 01:14 |
SturmFlut | Any ideas? | 01:14 |
jjohansen | SturmFlut: first I would check that it works correctly from a privileged user | 01:44 |
SturmFlut | jjohansen: I'll build a minimal example in C, all I currently have is a lot of C++ code | 01:50 |
SturmFlut | jjohansen: https://github.com/Sturmflut/unprivileged-icmp/ should contain a working example. It fails with errno = 13 (EACCES) after the socket() call on my desktop, and completes successfully on the phone. It also fails with errno = 13 when run as root on the desktop. | 02:13 |
SturmFlut | jjohansen: I could compare the source code of the 3.4.0-5-mako kernel with 3.18.0-9-generic and find out if there are any differences regarding unprivileged ICMP | 02:15 |
jjohansen | sure | 02:15 |
SturmFlut | It is 03:16 AM here in Europe, though ;) | 02:16 |
=== dirbaio2 is now known as dirbaio | ||
=== jhenke_ is now known as jhenke | ||
SturmFlut | I found the solution to my unprivileged ICMP socket problem | 10:49 |
SturmFlut | The file /proc/sys/net/ipv4/ping_group_range controls which group id ranges are allowed to create such a socket | 10:50 |
SturmFlut | On the phone, the content of the file is "0 2147483647", effectively allowing access to anybody | 10:50 |
SturmFlut | On the desktop the content is "1 0", effectively disabling the feature completely | 10:50 |
SturmFlut | I think this setting should be consistent across devices, but it has some security implications. Fedora 21 Workstation e.g. also ships with the feature disabled | 10:58 |
=== lfaraone_ is now known as lfaraone | ||
aeoril | I am interested in working with the ubuntu community on low level stuff - kernel, modules, vms, etc. This is a long term goal, and I want to prepare myself properly. I have a history of doing real-time, embedded programming at my last job in C. However, I want to read up on operating systems development and was hoping for pointers to good resources to help bring me up to speed. I am | 23:44 |
aeoril | thinking of buying "Modern Operating Systems" by Tanenbaum version 4, but it is expensive and wanted to make sure this was a wise investment. Any pointers would be appreciated to prepare me to contribute in this area. | 23:44 |
aeoril | Note that I already have Modern Operating Systems v. 3 and found it very good, but it seems version 4 is much more up-to-date and relevant today | 23:45 |
aeoril | Note that I have looked at the kernel development wiki for Ubuntu and understand there is a ton of stuff there, but wanted to get into some of the academic side of things to be better prepared overall for this direction | 23:48 |