Add TODO.md and document ping fix for unprivileged containers

- Created TODO.md with pending task to fix ping on all containers
- Added setcap command to standard container setup in documentation
- Added detailed explanation in CLAUDE.md for future reference
- Unprivileged containers need cap_net_raw on /bin/ping

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mikkel Georgsen 2026-01-14 20:28:25 +00:00
parent 6fe9fb2297
commit 1b57dab4da
4 changed files with 31 additions and 0 deletions


@ -112,6 +112,20 @@ ssh mikkel@10.5.0.111 # dev container
ssh root@10.5.0.1 'cd /opt/npm && docker compose pull && docker compose up -d' ssh root@10.5.0.1 'cd /opt/npm && docker compose pull && docker compose up -d'
``` ```
**Enable ping in unprivileged containers:**
Unprivileged LXC containers drop `cap_net_raw` capability, causing ping to fail with "Operation not permitted". Fix by granting the capability to the ping binary:
```bash
# Run inside the container as root
setcap cap_net_raw+ep /bin/ping
# Or from PVE host
ssh root@10.5.0.254 'pct exec <vmid> -- setcap cap_net_raw+ep /bin/ping'
```
Note: Must be re-applied after `iputils-ping` package upgrades.
## User Preferences ## User Preferences
- Python and Batch for scripting - Python and Batch for scripting
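Review bot: the `setcap cap_net_raw+ep /bin/ping` instruction assumes the `setcap` tool is present inside the container; on Debian/Ubuntu it ships in `libcap2-bin`, which is not installed in every template, so state the prerequisite and add a verification line, e.g. `getcap /bin/ping`, which should report `cap_net_raw=ep` (older libcap prints `cap_net_raw+ep`). Since the note already says the capability is lost on `iputils-ping` upgrades, that `getcap` check is the thing to put into the maintenance routine rather than waiting for a failed ping. It is also worth saying explicitly that `+ep` grants raw-socket use to every user who can execute ping, which is the intended scope here.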


@ -6,6 +6,7 @@ Infrastructure documentation and management for Mikkel's homelab.
- **homelab-documentation.md** - Complete infrastructure documentation - **homelab-documentation.md** - Complete infrastructure documentation
- **CLAUDE.md** - Claude Code guidance and quick reference - **CLAUDE.md** - Claude Code guidance and quick reference
- **TODO.md** - Pending maintenance tasks
## Management Container ## Management Container

TODO.md Normal file

@ -0,0 +1,11 @@
# Homelab TODO
## Pending Tasks
- [ ] **Fix ping on all unprivileged containers** - Run `setcap cap_net_raw+ep /bin/ping` on each container (requires restart or at least root access inside container)
- Containers to fix: 100 (npm), 101 (dockge), 102 (mgmt), 103 (postgresql01), 104 (redis01), 105 (sentry), 107 (pve-scripts-local), 108 (jukebox), 110 (sense), 111 (dev), 112 (dataloes), 114 (forgejo), 115 (dns), 1000 (tailscale)
- Skip: 106 (pbs) - privileged container, 113 (general) - already done
## Completed
- [x] Fix ping on container 113 (general) - 2025-01-14
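Review bot: the completed entry is dated 2025-01-14 while the commit itself is dated 2026-01-14 (see the commit metadata above), so the year looks like a typo. The parenthetical "requires restart or at least root access inside container" also overstates it: `setcap` writes a file capability that applies to the next `ping` invocation, so root inside the container (or `pct exec` from the host, as CLAUDE.md documents) is all that is needed, no restart. The hard-coded list of 14 VMIDs will drift as containers are added; consider deriving it from `pct list` on the host and checking `getcap /bin/ping` per container instead of maintaining the list by hand.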


@ -469,6 +469,11 @@ echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOQrK06zVkfY6C1ec69kEZYjf8tC98icCcBju
chmod 700 /root/.ssh /home/mikkel/.ssh chmod 700 /root/.ssh /home/mikkel/.ssh
chmod 600 /root/.ssh/authorized_keys /home/mikkel/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys /home/mikkel/.ssh/authorized_keys
chown -R mikkel:georgsen /home/mikkel/.ssh chown -R mikkel:georgsen /home/mikkel/.ssh
# Enable ping in unprivileged containers (required because cap_net_raw is dropped)
# Without this, ping fails with "Operation not permitted"
# Must be re-applied if iputils-ping package is upgraded
setcap cap_net_raw+ep /bin/ping
``` ```
--- ---
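Review bot: ordering matters for the `setcap` line added at the end of this block: it must run after `iputils-ping` is installed in the setup sequence, and the comment above it already says it is lost on package upgrade, so either move it to the end of the package-install step or follow it with a `getcap /bin/ping` line so a missing capability is visible immediately rather than on the next failed ping. The comment "cap_net_raw is dropped" would read more precisely as "the ping binary's file capability is missing", since that is what this command restores.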