Problem :
I am doing this
$ strace -f ping -s 1 www.google.com
execve("/bin/ping", ["ping", "-s", "1", "www.google.com"],
[/* 80 vars */]) = 0
getuid() = 1001
setuid(1001) = 0
getuid() = 1001
geteuid() = 1001
capget({_LINUX_CAPABILITY_VERSION_3, 0}, NULL) = 0
capget({_LINUX_CAPABILITY_VERSION_3, 0}, {0, 0, 0}) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(1025),
sin_addr=inet_addr("74.125.28.105")}, 16) = 0
write(3, "ping: icmp open socket: Operatio"..., 48
ping: icmp open socket: Operation not permitted) = 48
close(3) = 0
exit_group(2) = ?
+++ exited with 2 +++
I have excluded a lot of extraneous lines but the crux of the matter is that it is returning exit code 2.
I am receiving exit code 0 if I execute the ping without stracing.
Am I missing some options when running strace?
Solution :
This is a valid question and it is not a duplicate of the strace sudo command. At one time in the past the /bin/ping was a setuid executable, so at some point in the past, perhaps it was a duplicate but it isn’t a dupe today.
sudo is a setuid executable. ping uses cap_net_raw. So, I believe the answer is that strace also needs to be granted cap_net_raw:
setcap cap_net_raw+p /usr/bin/strace
This worked for me.
Or… perhaps the setuid/cap_net_raw situation is a function of distro. I am using RHEL 7.
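As an added example (not part of the original question or answer): a Python check of whether a binary such as ping gets its privilege from the setuid bit or from a file capability, which is the distro difference raised above. The function names and the sample xattr bytes are constructed for illustration; the constants come from linux/capability.h.

```python
import os
import stat
import struct

CAP_NET_RAW = 13                       # capability bit number
VFS_CAP_FLAGS_EFFECTIVE = 0x000001     # the "e" flag in setcap notation
REVISIONS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}  # revision -> 32-bit pairs

def parse_vfs_caps(raw):
    """Decode a security.capability xattr into permitted/inheritable bitmasks."""
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = REVISIONS.get(magic & 0xFF000000)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unrecognised or truncated security.capability value")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": permitted, "inheritable": inheritable,
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}

def privilege_source(mode, cap_xattr):
    """Classify how a binary obtains privilege: setuid bit, file caps, or neither."""
    sources = []
    if mode & stat.S_ISUID:
        sources.append("setuid")
    if cap_xattr:
        permitted = parse_vfs_caps(cap_xattr)["permitted"]
        if permitted & (1 << CAP_NET_RAW):
            sources.append("cap_net_raw")
        elif permitted:
            sources.append("other-file-caps")
    return sources or ["none"]

def inspect(path):
    """Read the mode and capability xattr of a real file (Linux only)."""
    try:
        xattr = os.getxattr(path, "security.capability")
    except OSError:
        xattr = None                   # no file capabilities on this file
    return privilege_source(os.stat(path).st_mode, xattr)

# Constructed sample: a revision-2 value with only cap_net_raw permitted (the +p form).
SAMPLE_XATTR = struct.pack("<IIIII", 0x02000000, 1 << CAP_NET_RAW, 0, 0, 0)

if __name__ == "__main__":
    for path in ("/bin/ping", "/usr/bin/strace", "/usr/bin/sudo"):
        if os.path.exists(path):
            print(path, inspect(path))
```

Running it on two hosts shows at a glance whether ping is setuid on one and capability-based on the other, and whether strace has been given file capabilities that should be reviewed.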