Firstly, sorry for bumping the old topic, but I haven’t seen it before (that would remove many of my own questions about the ping wrapper in the snap infrastructure).
- Within the current snap core22: is there a way to secure a snap container with no ‘network-*’ plug for ping wrappers? (i.e. not to grant NET_RAW capabilities to the user wrapper code, for example dropping it totally for snap ping, or maybe limiting it only to the system ping itself)
- Is calling “/bin/ping” (using the full path) more secure than calling “ping” inside of a wrapper? Or is it not particularly important in this case?
I would very much appreciate clarification on this topic about system tool wrappers.