権限のないping6は機能しません。

権限のないping6は機能しません。

CentOS v7サーバーでIPv6を実行しようとしています。ルートが機能し、「ping6 ipv6.google.com」を使用してpingを実行でき、ifconfigが素晴らしいようです。

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 149.202.217.90  netmask 255.255.255.0  broadcast 149.202.217.255
inet6 fe80::ec4:7aff:fec4:d912  prefixlen 64  scopeid 0x20<link>
inet6 2001:41d0:1000:1c5a::  prefixlen 64  scopeid 0x0<global>

ただし、権限のないユーザーとしてipv6をpingできず、ifconfigにinet6アドレスが表示されません。

何が問題なの?ユーザーがルートと同じインターフェイスと設定を表示できないのはなぜですか?

[編集する]

要求どおりにip a s以下を出力しますping6 -c1 ipv6.google.com

[root@rabbit ~]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 2001:41d0:1000:1c5a::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN
    link/ether 5e:63:58:37:5d:30 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
    link/ether 32:ad:47:94:1f:b1 brd ff:ff:ff:ff:ff:ff
4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 7e:52:08:a5:1a:dd brd ff:ff:ff:ff:ff:ff
5: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 3e:ba:b9:d1:09:3b brd ff:ff:ff:ff:ff:ff
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 0c:c4:7a:c4:d9:12 brd ff:ff:ff:ff:ff:ff
    inet 149.202.217.90/24 brd 149.202.217.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:41d0:1000:1c5a::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::ec4:7aff:fec4:d912/64 scope link
       valid_lft forever preferred_lft forever
7: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 0c:c4:7a:c4:d9:13 brd ff:ff:ff:ff:ff:ff
8: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
    link/void
9: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN
    link/tunnel6 :: brd ::

[root@rabbit ~]# ping6 -c1 ipv6.google.com
PING ipv6.google.com(par03s15-in-x0e.1e100.net) 56 data bytes
64 bytes from par03s15-in-x0e.1e100.net: icmp_seq=1 ttl=57 time=6.61 ms

--- ipv6.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 6.615/6.615/6.615/0.000 ms

ユーザー(優先)

[pryormic@rabbit ~]$ ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 2001:41d0:1000:1c5a::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN
    link/ether 5e:63:58:37:5d:30 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN
    link/ether 32:ad:47:94:1f:b1 brd ff:ff:ff:ff:ff:ff
4: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 7e:52:08:a5:1a:dd brd ff:ff:ff:ff:ff:ff
5: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 3e:ba:b9:d1:09:3b brd ff:ff:ff:ff:ff:ff
6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 0c:c4:7a:c4:d9:12 brd ff:ff:ff:ff:ff:ff
    inet 149.202.217.90/24 brd 149.202.217.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:41d0:1000:1c5a::/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::ec4:7aff:fec4:d912/64 scope link
       valid_lft forever preferred_lft forever
7: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 0c:c4:7a:c4:d9:13 brd ff:ff:ff:ff:ff:ff
8: teql0: <NOARP> mtu 1500 qdisc noop state DOWN qlen 100
    link/void
9: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
11: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN
    link/tunnel6 :: brd ::

[pryormic@rabbit ~]$ ping6 -c1 ipv6.google.com
ping: icmp open socket: Operation not permitted

[編集2]

以下にifconfig出力を追加しました。

[root@rabbit ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 149.202.217.90  netmask 255.255.255.0  broadcast 149.202.217.255
        inet6 fe80::ec4:7aff:fec4:d912  prefixlen 64  scopeid 0x20<link>
        inet6 2001:41d0:1000:1c5a::  prefixlen 64  scopeid 0x0<global>
        ether 0c:c4:7a:c4:d9:12  txqueuelen 1000  (Ethernet)
        RX packets 12131475  bytes 2122218137 (1.9 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1113935  bytes 690582284 (658.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 0c:c4:7a:c4:d9:13  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6632  bytes 1169904 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        inet6 2001:41d0:1000:1c5a::  prefixlen 64  scopeid 0x0<global>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 332704  bytes 448694222 (427.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 332704  bytes 448694222 (427.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ユーザー(優先)

[pryormic@rabbit ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 149.202.217.90  netmask 255.255.255.0  broadcast 149.202.217.255
        ether 0c:c4:7a:c4:d9:12  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 0c:c4:7a:c4:d9:13  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

答え1

ping6次のコマンドを使用すると、ユーザーは.runをrootとして使用できます。

setcap cap_net_raw+ep /usr/bin/ping

関連情報