Cannot create socket

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Cannot create socket

Postby dy/dx » Tue May 17, 2005 8:04 am

Hi,

I installed grsecurity on 2.4.30 and everything is working except the DHCP Server (ver. 3).

I've installed dhcpd3 in a chroot jail.

I set security level to high and everything works except the DHCP server so it would be great if I do not have to change it to another level.

When I start the DHCP with the following options:

Code: Select all
/usr/sbin/dhcpd3 -q -cf /etc/dhcp3/dhcpd.conf -user dhcp -group nogroup -chroot /home/system/dhcp -lf /dhcpd.leases eth0


I get this error message in syslog (and DHCPd is not starting)

Code: Select all
(...)
May 17 12:21:48 (none) dhcpd: Open a socket for LPF: Operation not permitted
(...)


I do not know exactly what that means I also did not found the appropriate option in grsecurity.

But is there a way to enable opening a socket (for LPF) in a chroot jail just for the dhcpd server?

That would be great!




Thanks a lot!

Niki


PS: If this is not possible, can you tell me WHICH option in grsecurity I must switch off?
dy/dx
 
Posts: 1
Joined: Tue May 17, 2005 7:57 am

Postby std0ut » Wed May 18, 2005 8:26 am

AFAIK you can enable a special group with grsec that can't make sockets...(client, servers, both).. So check if dhcp is not in that group or something..
std0ut
 
Posts: 4
Joined: Mon May 09, 2005 2:05 am


Return to grsecurity support

cron