Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Use privileged mode for ICMP only on Windows #748

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix: Use privileged mode for ICMP only on Windows #748

wants to merge 2 commits into from

Conversation

TwiN
Copy link
Owner

@TwiN TwiN commented Apr 28, 2024

Summary

Use privileged mode for ICMP only on Windows

Fixes #697

Checklist

  • Tested and/or added tests to validate that the changes work as intended, if applicable.
  • Updated documentation in README.md, if applicable.

@TwiN TwiN added bug Something isn't working area/security Related to security labels Apr 28, 2024
@codecov-commenter
Copy link

codecov-commenter commented Apr 28, 2024
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.58%. Comparing base (2833968) to head (a3f3660).
Report is 22 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #748      +/-   ##
==========================================
- Coverage   80.63%   80.58%   -0.05%     
==========================================
  Files          64       64              
  Lines        4244     4244              
==========================================
- Hits         3422     3420       -2     
- Misses        624      625       +1     
- Partials      198      199       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@TwiN TwiN mentioned this pull request Apr 28, 2024
Open
@TwiN
Copy link
Owner Author

TwiN commented Apr 28, 2024

Temporarily published container image as twinproduction/gatus:experimental for testing purposes.

@h3mmy h3mmy mentioned this pull request May 30, 2024
Merged
@h3mmy
Copy link

h3mmy commented May 31, 2024

I've verified that this works in my environment for the icmp check. Details here: #697 (comment)

h3mmy
h3mmy approved these changes May 31, 2024
View reviewed changes
Copy link

@h3mmy h3mmy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for making this change!

@TwiN
Copy link
Owner Author

TwiN commented Jul 1, 2024

FYI this is on-hold and is being discussed in #697

@ignisf
Copy link

ignisf commented Jul 22, 2024
edited
Loading

Hya, just chiming in that this fixes ICMP with rootless podman containers. As does adding the CAP_NET_RAW capability with the stable branch.

@h3mmy
Copy link

h3mmy commented Nov 9, 2024

Is there anything specifically preventing this from being merged?

@TwiN
Copy link
Owner Author

TwiN commented Nov 9, 2024

@h3mmy #697 (comment) is why I'm not merging it.

#697 (comment) is the reason why this needs more investigation.

The fix itself resolves an issue for some people, but causes more issues for other people. This still needs some investigation, and I don't have the time to spend on this at the moment. Also worth pointing out that for me, the current release works just fine, but the fix does not unless I add

      securityContext:
        sysctls:
          - name: net.ipv4.ping_group_range
            value: 0 65536

to the pod security context, which means that this would technically be a regression for my cloud environment, and likely others.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@h3mmy h3mmy h3mmy approved these changes

Assignees
No one assigned
Labels
area/security Related to security bug Something isn't working do-not-merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ICMP not working on Kubernetes even if sysctl -w net.ipv4.ping_group_range="0 2147483647"
4 participants
@TwiN @codecov-commenter @h3mmy @ignisf