Hi,
It seems that the converter drops proper SELinux-capabilities from /usr/bin/ping during conversion. Because of this, normal user's will not anymore have rights to use ping since it opens a RAW socket and that is guarded by SELinux (when enforced). The issue can be fixed manually either by giving back the proper capabilities to /usr/bin/ping or by reinstalling iputils. Anyhow it would be nice if Converter preserved SELinux-capabilities properly during conversion.
Regards,
-Tom
A more thorough workaround for now:
Before conversion in source machine:
find / -maxdepth 1 -type d | egrep -v '^/(dev|proc|sys|tmp|run|boot|)$' | xargs getcap -r | gzip > fs.cap.gz
After conversion in resulted machine:
zcat fs.cap.gz | awk -F= '{print $2 " " $1}' | xargs -n 2 setcap
Thank you for the input.
I have logged a feature request for that.
Regards,
Plamen
A more thorough workaround for now:
Before conversion in source machine:
find / -maxdepth 1 -type d | egrep -v '^/(dev|proc|sys|tmp|run|boot|)$' | xargs getcap -r | gzip > fs.cap.gz
After conversion in resulted machine:
zcat fs.cap.gz | awk -F= '{print $2 " " $1}' | xargs -n 2 setcap