[Debian-ha-maintainers] Bug#1086011: fence-agents: Please set net.ipv4.ping_group_range sysctl in autopkgtests

Noah Meyerhans noahm at debian.org
Thu Oct 24 22:57:58 BST 2024


Source: fence-agents
Version: 4.15.0-3
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)

The fence-agents package is currently failing autopkgtests.  This appears to
be caused by iputils-ping no longer being installed with elevated
privileges.

Prior to iputils version 3:20240905-1, ping was installed with
CAP_NET_RAW capabilities or with the setuid bit set.  In order to avoid
installing with these elevated privileges, we now rely on the
net.ipv4.ping_group_range sysctl variable to grant unprivileged users the
ability to run ping.  This variable is set to a permissive value by files
installed by the linux-sysctl-defaults package, which is installed as a
Recommends of iputils-ping, but this doesn't currently apply in autopkgtest
testbeds.  This results in the kernel's restrictive default being used,
which prevents unprivileged users from being able to use ping.

For now, to fix your package's tests, I suggest adding procps as a
dependency of your tests, adding the 'needs-sudo' requirement, and adding
the following near the beginning of your test script:

sudo /sbin/sysctl -w net.ipv4.ping_group_range="0 2147483647"

Note that the resolution of #1085160 may eventually eliminate the need to do
this.

noah
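
Added example, not part of the original message: a test-script preamble that checks whether the current user already falls inside net.ipv4.ping_group_range and runs the sysctl command suggested above only when it does not. The function names are hypothetical; it relies on the kernel default being the empty range "1 0" and on the kernel matching the range against the effective and supplementary group IDs.

```shell
#!/bin/sh
# Added example: check net.ipv4.ping_group_range before a test calls ping.
# Function names are hypothetical, not taken from fence-agents or iputils.

PING_RANGE_FILE=/proc/sys/net/ipv4/ping_group_range

# gid_in_ping_range "LO HI" GID
# Returns 0 if GID lies within the inclusive range, 1 if not, 2 on bad input.
# The kernel default "1 0" is an empty range (lo > hi), so no group matches.
gid_in_ping_range() {
    # Word-split the sysctl value (space- or tab-separated) into lo and hi.
    set -- $1 "$2"
    [ "$#" -eq 3 ] || return 2
    lo=$1 hi=$2 gid=$3
    [ "$gid" -ge "$lo" ] && [ "$gid" -le "$hi" ]
}

# any_gid_in_ping_range "LO HI" "GID GID ..."
# Returns 0 if at least one of the listed group IDs is inside the range.
any_gid_in_ping_range() {
    for g in $2; do
        gid_in_ping_range "$1" "$g" && return 0
    done
    return 1
}

# ensure_ping_allowed
# Reads the live sysctl value and widens it only if this user is excluded.
# Needs procps (sysctl) and sudo, as described in the message above.
ensure_ping_allowed() {
    range=$(cat "$PING_RANGE_FILE") || return 2
    if any_gid_in_ping_range "$range" "$(id -G)"; then
        echo "ping_group_range '$range' already covers this user"
    else
        echo "ping_group_range '$range' excludes this user; widening"
        sudo /sbin/sysctl -w net.ipv4.ping_group_range="0 2147483647"
    fi
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    ensure_ping_allowed
fi
```
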


