FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 10-06-2008, 03:04 PM
Markus Bartl
 
Default /etc/init.d/dhcpd start -> error

Hi there.



I did a fresh installation with hardened-sources 2.6.25-r7 with pax and
grsec (server) enabled.

After installing dhcpd with configuration to chroot - environment I get
the following errors in /var/log/debug:



Oct* 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation not
permitted

...

Oct* 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not
permitted



/var/log/grsec.log doesnt contain any hints.



Any idea would be welcome.



Kind regards,

Markus
 
Old 10-06-2008, 03:11 PM
brant williams
 
Default /etc/init.d/dhcpd start -> error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Did you enable any chroot restrictions in the kernel config?


brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002



On Mon, 6 Oct 2008, Markus Bartl wrote:


Date: Mon, 06 Oct 2008 17:04:15 +0200
From: Markus Bartl <hardened@noack-ingenieure.de>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] /etc/init.d/dhcpd start -> error

Hi there.

I did a fresh installation with hardened-sources 2.6.25-r7 with pax and grsec (server) enabled.
After installing dhcpd with configuration to chroot - environment I get the following errors in /var/log/debug:

Oct* 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation not permitted
...
Oct* 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not permitted

/var/log/grsec.log doesnt contain any hints.

Any idea would be welcome.

Kind regards,
Markus




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkjqKroACgkQdCBnhE3rYAKOggCbBAS3hGsfJw n9YCRGxEyJ4lCA
mfgAnj6B8Z0uZNpSyL4/7FrWsr9iRfF+
=pYUj
-----END PGP SIGNATURE-----
 
Old 10-06-2008, 03:13 PM
brant williams
 
Default /etc/init.d/dhcpd start -> error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


You might also have turned on socket restrictions...


brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002



On Mon, 6 Oct 2008, Markus Bartl wrote:


Date: Mon, 06 Oct 2008 17:04:15 +0200
From: Markus Bartl <hardened@noack-ingenieure.de>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] /etc/init.d/dhcpd start -> error

Hi there.

I did a fresh installation with hardened-sources 2.6.25-r7 with pax and grsec (server) enabled.
After installing dhcpd with configuration to chroot - environment I get the following errors in /var/log/debug:

Oct* 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation not permitted
...
Oct* 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not permitted

/var/log/grsec.log doesnt contain any hints.

Any idea would be welcome.

Kind regards,
Markus




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREIAAYFAkjqKwoACgkQdCBnhE3rYAJEIQCdGlp1xIDfzX G87qEbr/MBG1GP
REkAn386r0PYYATK1FWqHxjxFv9u9IN7
=jazu
-----END PGP SIGNATURE-----
 
Old 10-06-2008, 03:20 PM
Markus Bartl
 
Default /etc/init.d/dhcpd start -> error

brant williams schrieb:
-----BEGIN PGP SIGNED MESSAGE-----


Hash: SHA256






Did you enable any chroot restrictions in the kernel config?






brant williams


FCAA CDCA 20BC 3925 D634* F5C4 7420 6784 4DEB 6002








On Mon, 6 Oct 2008, Markus Bartl wrote:




Date: Mon, 06 Oct 2008 17:04:15 +0200


From: Markus Bartl <hardened@noack-ingenieure.de>


Reply-To: gentoo-hardened@lists.gentoo.org


To: gentoo-hardened@lists.gentoo.org


Subject: [gentoo-hardened] /etc/init.d/dhcpd start -> error




Hi there.




I did a fresh installation with hardened-sources 2.6.25-r7 with pax and
grsec (server) enabled.


After installing dhcpd with configuration to chroot - environment I get
the following errors in /var/log/debug:




Oct* 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation not
permitted


...


Oct* 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not
permitted




/var/log/grsec.log doesnt contain any hints.




Any idea would be welcome.




Kind regards,


Markus









-----BEGIN PGP SIGNATURE-----


Version: GnuPG v2.0.9 (GNU/Linux)




iEYEAREIAAYFAkjqKroACgkQdCBnhE3rYAKOggCbBAS3hGsfJw n9YCRGxEyJ4lCA


mfgAnj6B8Z0uZNpSyL4/7FrWsr9iRfF+


=pYUj


-----END PGP SIGNATURE-----


Hi brant.



Yes. chroot restrictions are set and no, socket restrictions are not
set.

Thanks in advance.



Markus.
 
Old 10-06-2008, 03:33 PM
"René Rhéaume"
 
Default /etc/init.d/dhcpd start -> error

On Mon, Oct 6, 2008 at 11:04 AM, Markus Bartl
<hardened@noack-ingenieure.de> wrote:
> Hi there.
>
> I did a fresh installation with hardened-sources 2.6.25-r7 with pax and
> grsec (server) enabled.
> After installing dhcpd with configuration to chroot - environment I get the
> following errors in /var/log/debug:
>
> Oct 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation not
> permitted

Look at this, http://forums.grsecurity.net/viewtopic.php?f=3&t=1882 .
It is about good old ping, also using ICMP.
 
Old 10-06-2008, 04:06 PM
Roman Fulop
 
Default /etc/init.d/dhcpd start -> error

Hi,

I had problem running chrooted dhcp 3.1.1 with
CONFIG_GRKERNSEC_CHROOT_CAPS set. Try disabling it via sysctl or procfs.

Roman

Markus Bartl wrote:
> brant williams schrieb:
>
> Did you enable any chroot restrictions in the kernel config?
>
>
> brant williams
> FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002
>
>
>
> On Mon, 6 Oct 2008, Markus Bartl wrote:
>
>>>> Date: Mon, 06 Oct 2008 17:04:15 +0200
>>>> From: Markus Bartl <hardened@noack-ingenieure.de>
>>>> Reply-To: gentoo-hardened@lists.gentoo.org
>>>> To: gentoo-hardened@lists.gentoo.org
>>>> Subject: [gentoo-hardened] /etc/init.d/dhcpd start -> error
>>>>
>>>> Hi there.
>>>>
>>>> I did a fresh installation with hardened-sources 2.6.25-r7 with pax
>>>> and grsec (server) enabled.
>>>> After installing dhcpd with configuration to chroot - environment I
>>>> get the following errors in /var/log/debug:
>>>>
>>>> Oct 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation
>>>> not permitted
>>>> ...
>>>> Oct 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not
>>>> permitted
>>>>
>>>> /var/log/grsec.log doesnt contain any hints.
>>>>
>>>> Any idea would be welcome.
>>>>
>>>> Kind regards,
>>>> Markus
>>>>
>>>>
>>>>
> Hi brant.

> Yes. chroot restrictions are set and no, socket restrictions are not set.
> Thanks in advance.

> Markus.
 
Old 10-06-2008, 04:43 PM
Clemente Aguiar
 
Default /etc/init.d/dhcpd start -> error

I had the same problem, check:
http://bugs.gentoo.org/show_bug.cgi?id=205695

This was with a previous version of the kernel, but the "culprit" was
the GRSEC config.

Clemente


On Mon, 2008-10-06 at 17:04 +0200, Markus Bartl wrote:
> Hi there.
>
> I did a fresh installation with hardened-sources 2.6.25-r7 with pax
> and grsec (server) enabled.
> After installing dhcpd with configuration to chroot - environment I
> get the following errors in /var/log/debug:
>
> Oct 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation
> not permitted
> ...
> Oct 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not
> permitted
>
> /var/log/grsec.log doesnt contain any hints.
>
> Any idea would be welcome.
>
> Kind regards,
> Markus
>
 
Old 10-06-2008, 08:48 PM
Markus Bartl
 
Default /etc/init.d/dhcpd start -> error

Hi Roman.

That did it. Thanks.
Could anybody explain what happened there?
Thanks.

Markus

Roman Fulop schrieb:

Hi,

I had problem running chrooted dhcp 3.1.1 with
CONFIG_GRKERNSEC_CHROOT_CAPS set. Try disabling it via sysctl or procfs.

Roman

Markus Bartl wrote:


brant williams schrieb:

Did you enable any chroot restrictions in the kernel config?


brant williams
FCAA CDCA 20BC 3925 D634 F5C4 7420 6784 4DEB 6002



On Mon, 6 Oct 2008, Markus Bartl wrote:



Date: Mon, 06 Oct 2008 17:04:15 +0200
From: Markus Bartl <hardened@noack-ingenieure.de>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] /etc/init.d/dhcpd start -> error

Hi there.

I did a fresh installation with hardened-sources 2.6.25-r7 with pax
and grsec (server) enabled.
After installing dhcpd with configuration to chroot - environment I
get the following errors in /var/log/debug:

Oct 6 16:54:35 odin dhcpd: unable to create icmp socket: Operation
not permitted
...
Oct 6 16:54:35 odin dhcpd: Open a socket for LPF: Operation not
permitted

/var/log/grsec.log doesnt contain any hints.

Any idea would be welcome.

Kind regards,
Markus





Hi brant.





Yes. chroot restrictions are set and no, socket restrictions are not set.
Thanks in advance.





Markus.
 

Thread Tools




All times are GMT. The time now is 03:26 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org