Bug: Machine status ping not working inside docker container because of permission issue

[flw-dev]

When using the docker image and setting up one or multiple hosts through the config file, I observed the machine status feature using ping does not work. It should be replicatable quite easily:

I have a simple config file with one machine:

  - name: desktop
    mac: "D8-AA-AA-AA-AA-AA"
    ip: "192.168.1.20"

Then I start the docker container using docker compose and get the following output:
$ docker compose up

Attaching to wol-1
wol-1  | 2025/04/10 10:57:47 Listening on :7777
wol-1  | 2025/04/10 10:57:47 Error getting status for machine desktop: error pinging: socket: permission denied
wol-1  | 2025/04/10 10:57:52 Error getting status for machine desktop: error pinging: socket: permission denied

This error message is logged every five seconds. The wol functionality still works, the Web App just shows an unknown status for the machine constantly so you can't verify if it's already been woken.

I've tried adding additional capabilities to the Container like NET_RAW or even privileged: true which is a bad idea, but neither worked.

Here is my full docker compose file (without said modifications):

  wol:
    restart: unless-stopped
    image: ghcr.io/trugamr/wol:latest
    command: serve # To start the web interface
    network_mode: "host"
    volumes:
      - ./config.yaml:/etc/wol/config.yaml

[Trugamr]

I personally haven't run into this issue. Can you give some more details about your host, such as the output of uname -a?

For reference, wol uses pro-bing for sending pings to check if machines are online. According to their docs, it uses "unprivileged" UDP pings, which require a specific sysctl setting on Linux:

sysctl -w net.ipv4.ping_group_range="0 2147483647"

Let me know if this helps! I'll try to replicate this issue and find a solution.

[flw-dev]

I personally haven't run into this issue. Can you give some more details about your host, such as the output of uname -a?

For reference, wol uses pro-bing for sending pings to check if machines are online. According to their docs, it uses "unprivileged" UDP pings, which require a specific sysctl setting on Linux:

sysctl -w net.ipv4.ping_group_range="0 2147483647"
Let me know if this helps! I'll try to replicate this issue and find a solution.

Absolutely, the Host machine is a Debian 12 VM running on a KVM-based Hypervisor.

Architecture:

Linux S1 6.1.0-32-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.129-1 (2025-03-06) x86_64 GNU/Linux

Your command actually helped fixing the issue. I did not expect that since I was assuming the ping command requiring certain privileges isn't a thing anymore since Debian 12 / Kernel Version 6. However it did solve the issue and the behavior is as expected now. I'm even more confused why neither cap_add: - NET_RAW nor privileged: true helped circumvent the ping_group_range setting... My best guess is because of how the pro-bing library handles the system call or the used docker network_mode

I've added this command to my sysctl.conf to make it persist. It would probably be a good idea to point the need of this command out somewhere in the Readme if it's a general linux-based requirement.

Thanks for the help! IMO this can be closed 😊

[Trugamr]

Glad this helped! I'll try to replicate this issue myself and play around with pro-bing and docker permissions to better understand what's happening. Thank you so much for taking the time to write this up and confirm the solution worked. I'll try to mention this in the known issues section.