[vbox-dev] First impressions

Frank Mehnert Frank.Mehnert at Sun.COM
Thu Apr 22 11:24:53 GMT 2010

On Thursday 22 April 2010, Alexey Eremenko wrote:
> On Thu, Apr 22, 2010 at 11:41 AM, Vasily Levchenko
> <Vasily.Levchenko at sun.com> wrote:
> >>> have you compiled VBox with hardening?
> >>
> >> No
> >
> > It's a reason why VBox NAT  can't open ICMP (raw socket). you can use
> > ICMP with non-hardened build if launch VBox under root only.
> Why is this important ? How hardening affects NAT raw sockets ?

As Vasily wrote: To use ICMP the process must be able to open
a raw socket. This isn't allowed for regular processes because
this requires a special capability (cap_net_raw).

Kind regards,

Dr.-Ing. Frank Mehnert

Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Jürgen Kunz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20100422/40105e1a/attachment.sig>

More information about the vbox-dev mailing list