Job returns "ping: socket: Operation not permitted"

uliss3s · May 3, 2022, 6:14pm

I’m just starting to learn about nomad and tried to run a simple test job after a fresh install of the nomad service. The job executes with error, and there is the following message on the log: “ping: socket: Operation not permitted”.

I can ping normally with root or other users, locally and remotely via ssh.

OS: Oracle Linux Server release 8.5
Running everything as root.

Job:

job "testjob" {
  datacenters = ["dc1"]

  type = "batch"

  periodic {
    cron = "*/1 * * * *"
    prohibit_overlap = true
  }

  group "bgt" {
    task "bgt" {
      driver = "exec"

      config {
        command = "/usr/bin/ping"
        args    = ["-c", "4", "www.google.com"]
      }
    }
  }
}

uliss3s · May 5, 2022, 5:06pm

Solved.

Had to mess with “sysctl net.ipv4.ping_group_range” and “setcap /usr/bin/ping”.

seth.hoenig · May 6, 2022, 5:13pm

Hi @uliss3s , by default the exec and docker drivers drop CAP_NET_RAW (required by ping), since it can be used maliciously. You can add it back per-task via cap_add.

Topic		Replies	Views
Simple Nomad Job without Docker or other dependencies Nomad	4	1076	February 24, 2023
Task needs to bind on privileged ports Nomad	5	1237	October 15, 2021
Nomad job fails with "prestart hook \"task_dir\" failed: mount: operation not permitted" Nomad	4	674	March 3, 2023
"failed to setup alloc:" error during Job Deployment When Nomad runs as Root? Nomad	5	43	July 2, 2025
Raw_Exec Nomad Job Syntax Nomad consul-nomad	0	594	October 29, 2021

Job returns "ping: socket: Operation not permitted"

Related topics