From: "Valeri Galtsev"
To: "Mike C."
Cc: freebsd-jail@freebsd.org
Date: Fri, 23 Aug 2013 09:35:43 -0500 (CDT)
Subject: Re: connect -1 errno 1 Operation not permitted with specific user (nagios)

To the best of my knowledge, raw sockets are not allowed inside jail by default. This might be your problem (as far as I know how nagios works). To allow raw sockets you can do

    sysctl security.jail.allow_raw_sockets=1

then you need to restart at least the jail inside which your nagios instance lives.

To make the above enabled at boot time you can add the following line into /etc/sysctl.conf

    security.jail.allow_raw_sockets=1

BTW, beware: this affects all jails.

I hope this helps.

Thanks.
Valeri

On Fri, August 23, 2013 10:13 am, Mike C. wrote:
>
> I'm having a problem with nagios under a jail... commands work as root
> and another normal user I created (it's not even in the wheel group)
>
> running commands such as "check_http" get me an Operation not permitted,
> with ktrace I was able to confirm the problem:
> connect -1 errno 1 Operation not permitted
>
>
> The thing is this only happens with the user nagios and I can not figure
> out why!
>
> I'm very new to jails, so I'm sure I'm possibly missing something
> trivial, but I would appreciate any help!
>
> What could be different about the user to not allow "connect" ?
>
> Many thanks
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
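
Added example, not part of the original message: a narrower alternative to the global sysctl above is the per-jail allow.raw_sockets parameter from jail(8), set only on the jail that needs it. This assumes a FreeBSD release that reads /etc/jail.conf; the jail names, paths, hostnames and addresses are constructed for illustration.

```conf
# /etc/jail.conf (added example; all names and addresses below are constructed)
# The global security.jail.allow_raw_sockets sysctl is assumed to be left at 0.

monitor {
    path = "/usr/jails/monitor";
    host.hostname = "monitor.example.org";
    ip4.addr = 192.0.2.10;

    # Per-jail permission: only this jail may open raw sockets.
    allow.raw_sockets;

    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}

# This jail does not set allow.raw_sockets, so raw sockets stay denied in it.
web {
    path = "/usr/jails/web";
    host.hostname = "web.example.org";
    ip4.addr = 192.0.2.11;

    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
}
```

After the jail has been restarted, `jls -j monitor allow.raw_sockets` shows whether the parameter took effect for that jail.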