diff options
author | Evgeny Vereshchagin <evvers@ya.ru> | 2019-07-25 21:58:42 +0000 |
---|---|---|
committer | Frantisek Sumsal <frantisek@sumsal.cz> | 2019-07-26 06:56:58 +0000 |
commit | be74f51605b4c7cb74fec3a50cd13b67598a8ac1 (patch) | |
tree | 7b8e99fd63c841b4c3035538455c6924c8fafb1d /NEWS | |
parent | 0a71e31c33021d4265fcc037c93d8f364521f281 (diff) | |
download | systemd-be74f51605b4c7cb74fec3a50cd13b67598a8ac1.tar.gz |
Revert "sysctl: Enable ping(8) inside rootless Podman containers"
This reverts commit 90ce7627dfe824ff6e7c0ca5f96350fbcfec7118.
See https://github.com/systemd/systemd/issues/13177#issuecomment-514931461
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 9 |
1 files changed, 0 insertions, 9 deletions
@@ -2,15 +2,6 @@ systemd System and Service Manager CHANGES WITH 243 in spe: - * This release enables unprivileged programs (i.e. requiring neither - setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests - by turning on the net.ipv4.ping_group_range sysctl of the Linux - kernel for the whole UNIX group range, i.e. all processes. This - change should be reasonably safe, as the kernel support for it was - specifically implemented to allow safe access to ICMP Echo for - processes lacking any privileges. If this is not desirable, it can be - disabled again by setting the parameter to "1 0". - * Previously, filters defined with SystemCallFilter= would have the effect that an calling an offending system call would terminate the calling thread. This behaviour never made much sense, since killing |