
The following error message appeared when I attempted to ping google.com from Containerd’s container.

root@istiod-79d65bf5f4-nlwjj:/# ping google.com

bash: /usr/bin/ping: Operation not permitted

Are there any ideas as to why this is happening?

2 Answers


  1. Most likely the permissions needed to run ‘ping’ are not given to the pod. You probably need to add the ‘NET_RAW’ capability for your pod.

    https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-capabilities-for-a-container

  2. By default a container is not allowed to access any devices, but a privileged container is given access to all devices.

    You have not configured or given the necessary privileges to execute the ping command. Check whether the container’s capabilities are running short, and check whether ‘CAP_NET_RAW’, which is required for the ‘ping’ command, is there or not.

    You need to install the ping command image if it is not installed, and use the --cap-add command to add NET_RAW to give the necessary grants. Also check this document. For further reference, please check the Docker community forums.
    Finally, check your security policies.

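To check from inside the container whether CAP_NET_RAW is actually present, as both answers suggest, this added example (not part of either answer) decodes the capability masks in /proc/self/status. The function names are hypothetical; bit 13 is CAP_NET_RAW in linux/capability.h.

```shell
#!/bin/sh
# Added example: report whether CAP_NET_RAW is in the current process's
# bounding, permitted and effective capability sets.
# Function names are illustrative, not from any tool.

CAP_NET_RAW_BIT=13   # CAP_NET_RAW in linux/capability.h

# cap_mask FIELD [STATUS_FILE]: print the hex mask for CapBnd, CapPrm, CapEff...
cap_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/self/status}"
}

# mask_has_cap HEXMASK BIT: succeed if the given capability bit is set.
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# report_net_raw [STATUS_FILE]: one line per capability set.
report_net_raw() {
    status=${1:-/proc/self/status}
    for field in CapBnd CapPrm CapEff; do
        mask=$(cap_mask "$field" "$status")
        if [ -z "$mask" ]; then
            echo "$field: not found in $status"
        elif mask_has_cap "$mask" "$CAP_NET_RAW_BIT"; then
            echo "$field: NET_RAW present ($mask)"
        else
            echo "$field: NET_RAW missing ($mask)"
        fi
    done
}

# Run against the current shell when /proc is available.
if [ -r /proc/self/status ]; then
    report_net_raw
fi
```

If CapBnd reports NET_RAW missing, the capability was dropped by the runtime and has to be granted in the pod's security context, as the first answer describes.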