Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] non-root users cant use network


i checked strace already but it doesnt appear to tell me much. see below.

i ran chmod -R 777 over /proc /sys and /dev
same problem.

as for SELinux, i couldnt find any selinux configs and according to ls
-Z none of the files are labelled so it looks like its not running,
however ive rebooted with selinux=0 and enforcing=0 as kernel args on
the boot line. problem persists.

as Flanders would say "as melon scratchers go, that's a honey doodle" :)


cpbarnes@netbook:~$ strace -o strace_wget.txt wget -t 1 http://127.0.0.1

execve("/usr/bin/wget", ["wget", "-t", "1", "http://127.0.0.1";], [/*
13 vars */]) = 0
brk(0)                                  = 0x68000
uname({sys="Linux", node="netbook", ...}) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001d000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=31752, ...}) = 0
mmap2(NULL, 31752, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40026000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`\335\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=270772, ...}) = 0
mmap2(NULL, 302164, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x4002e000
mprotect(0x4006d000, 28672, PROT_NONE)  = 0
mmap2(0x40074000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3e) = 0x40074000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\24Y\4\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1247604, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001e000
mmap2(NULL, 1291440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x40078000
mprotect(0x40193000, 32768, PROT_NONE)  = 0
mmap2(0x4019b000, 90112, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11b) = 0x4019b000
mmap2(0x401b1000, 9392, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401b1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libdl.so.2", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0$\t\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=9808, ...}) = 0
mmap2(NULL, 41136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x401b4000
mprotect(0x401b6000, 28672, PROT_NONE)  = 0
mmap2(0x401bd000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x401bd000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\26\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=26632, ...}) = 0
mmap2(NULL, 57876, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x401bf000
mprotect(0x401c5000, 28672, PROT_NONE)  = 0
mmap2(0x401cc000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x401cc000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libgcc_s.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\4-\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=47212, ...}) = 0
mmap2(NULL, 78548, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x401ce000
mprotect(0x401da000, 28672, PROT_NONE)  = 0
mmap2(0x401e1000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xb) = 0x401e1000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314V\1\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1205684, ...}) = 0
mmap2(NULL, 1242372, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
3, 0) = 0x401e2000
mprotect(0x40305000, 28672, PROT_NONE)  = 0
mmap2(0x4030c000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x122) = 0x4030c000
mmap2(0x4030f000, 9476, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4030f000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0
\27\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=82124, ...}) = 0
mmap2(NULL, 113452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x40312000
mprotect(0x40326000, 28672, PROT_NONE)  = 0
mmap2(0x4032d000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x4032d000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\fD\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=120505, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x4001f000
mmap2(NULL, 127508, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x4032e000
mprotect(0x40343000, 28672, PROT_NONE)  = 0
mmap2(0x4034a000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14) = 0x4034a000
mmap2(0x4034c000, 4628, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4034c000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40020000
set_tls(0x4001fd30, 0x40020407, 0x40020408, 0x4001fd30, 0x40025000) = 0
mprotect(0x4034a000, 4096, PROT_READ)   = 0
mprotect(0x4030c000, 8192, PROT_READ)   = 0
mprotect(0x401cc000, 4096, PROT_READ)   = 0
mprotect(0x401bd000, 4096, PROT_READ)   = 0
mprotect(0x40024000, 4096, PROT_READ)   = 0
munmap(0x40026000, 31752)               = 0
set_tid_address(0x4001f8d8)             = 1087
set_robust_list(0x4001f8e0, 0xc)        = 0
futex(0xbe890844, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0xbe890844, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1,
NULL, 4034b000) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x40332314, [], SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x403321a8, [],
SA_RESTART|SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
brk(0)                                  = 0x68000
brk(0x89000)                            = 0x89000
stat64("/etc/wgetrc", {st_mode=S_IFREG|0644, st_size=4496, ...}) = 0
open("/etc/wgetrc", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4496, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40021000
read(3, "###\n### Sample Wget initializati"..., 4096) = 4096
read(3, "nks = on having been specified),"..., 4096) = 400
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x40021000, 4096)                = 0
stat64("/home/cpbarnes/.wgetrc", 0xbe8905f0) = -1 ENOENT (No such file
or directory)
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigaction(SIGHUP, {SIG_IGN, [HUP], SA_RESTART|0x4000000}, {SIG_DFL,
[], 0}, 8) = 0
rt_sigaction(SIGHUP, {0x25524, [HUP], SA_RESTART|0x4000000}, {SIG_IGN,
[HUP], SA_RESTART|0x4000000}, 8) = 0
rt_sigaction(SIGUSR1, {0x25524, [USR1], SA_RESTART|0x4000000},
{SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTART|0x4000000},
{SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x2616c, [WINCH], SA_RESTART|0x4000000},
{SIG_DFL, [], 0}, 8) = 0
stat64("index.html", 0xbe890300)        = -1 ENOENT (No such file or directory)
stat64("index.html", 0xbe890360)        = -1 ENOENT (No such file or directory)
stat64("index.html", 0xbe890300)        = -1 ENOENT (No such file or directory)
gettimeofday({1314647403, 902610}, NULL) = 0
open("/etc/localtime", O_RDONLY)        = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x40021000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"...,
4096) = 2102
_llseek(3, -28, [2074], SEEK_CUR)       = 0
read(3, "\nCET-1CEST,M3.5.0,M10.5.0/3\n", 4096) = 28
close(3)                                = 0
munmap(0x40021000, 4096)                = 0
write(2, "--2011-08-29 21:50:03--  http://";..., 43) = 43
stat64("/home/cpbarnes/.netrc", 0xbe8900f8) = -1 ENOENT (No such file
or directory)
   <--------    BEGIN INTERESTING SECTION    -------->
socket(PF_NETLINK, SOCK_RAW, 0)         = 3
bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0
getsockname(3, {sa_family=AF_NETLINK, pid=1087, groups=00000000}, [12]) = 0
gettimeofday({1314647403, 949348}, NULL) = 0
sendto(3, "\24\0\0\0\26\0\1\3k\355[N\0\0\0\0\0\0\0\0", 20, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"0\0\0\0\24\0\2\0k\355[N?\4\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 48
recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0,
groups=00000000},
msg_iov(1)=[{"\24\0\0\0\3\0\2\0k\355[N?\4\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1"...,
4096}], msg_controllen=0, msg_flags=0}, 0) = 20
close(3)                                = 0
write(2, "Connecting to 127.0.0.1:80... ", 30) = 30
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = -1 EACCES (Permission denied)
write(2, "failed: Permission denied.\n", 27) = 27
    <--------    END INTERESTING SECTION    -------->
gettimeofday({1314647403, 986997}, NULL) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0
write(2, "Giving up.\n\n", 12)          = 12
close(2)                                = 0
exit_group(4)                           = ?

On Mon, Aug 29, 2011 at 1:46 PM, Nick Andrew <nick@xxxxxxxxxxxxxxx> wrote:
> On Mon, Aug 29, 2011 at 01:06:34PM +1000, Chris Barnes wrote:
>> cpbarnes@netbook:~$ ping 127.0.0.1
>> socket: Permission denied
>> cpbarnes@netbook:~$ wget http://127.0.0.1/
>> Connecting to 127.0.0.1:80... failed: Permission denied.
>
> Interesting.
>
> Try "strace wget http://127.0.0.1/"; and see which system calls are failing.
>
> My guess is bad permissions on /dev, /sys or /proc. Backup guesses are:
> something to do with selinux, out of memory, bad capabilities, or some
> important module not loaded!
>
> Nick.
>
>



--
Kind Regards,

Christopher Barnes

e. chris.p.barnes@xxxxxxxxx