Merge pull request #1779 from giuseppe/troubleshoot-unprivileged-ping

troubleshooting.md: add a recipe for rootless ping
2025-07-15 03:02:52 +08:00 · 2018-11-12 09:57:33 -08:00
parent d2f2c56aaa 40f8622742
commit 51a1b85fb5
1 changed files with 26 additions and 0 deletions
--- a/troubleshooting.md
+++ b/troubleshooting.md
@ -69,3 +69,29 @@ communicate with a registry and not use tls verification.
  * Turn off tls verification by passing false to the tls-verification option.
  * I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest`
 ---
+### 4) rootless containers cannot ping hosts
+
+When using the ping command from a non-root container, the command may
+fail because of a lack of privileges.
+
+#### Symptom
+
+```console
+$ podman run --rm fedora ping -W10 -c1 redhat.com
+PING redhat.com (209.132.183.105): 56 data bytes
+
+--- redhat.com ping statistics ---
+1 packets transmitted, 0 packets received, 100% packet loss
+```
+
+#### Solution
+
+It is most likely necessary to enable unprivileged pings on the host.
+Be sure the UID of the user is part of the range in the
+`/proc/sys/net/ipv4/ping_group_range` file.
+
+To change its value you can use something like: `sysctl -w
+"net.ipv4.ping_group_range=0 2000000"`.
+
+To make the change persistent, you'll need to add a file in
+`/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`.