[vbox-dev] First impressions
Frank.Mehnert at Sun.COM
Thu Apr 22 04:24:53 PDT 2010
On Thursday 22 April 2010, Alexey Eremenko wrote:
> On Thu, Apr 22, 2010 at 11:41 AM, Vasily Levchenko
> <Vasily.Levchenko at sun.com> wrote:
> >>> have you compiled VBox with hardening?
> >> No
> > It's a reason why VBox NAT can't open ICMP (raw socket). you can use
> > ICMP with non-hardened build if launch VBox under root only.
> Why is this important ? How hardening affects NAT raw sockets ?
As Vasily wrote: To use ICMP the process must be able to open
a raw socket. This isn't allowed for regular processes because
this requires a special capability (cap_net_raw).
Dr.-Ing. Frank Mehnert
Sitz der Gesellschaft:
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
Amtsgericht München: HRB 161028
Geschäftsführer: Jürgen Kunz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://www.virtualbox.org/pipermail/vbox-dev/attachments/20100422/40105e1a/attachment-0001.bin
More information about the vbox-dev