Date: Sun, 10 Oct 2004 11:09:58 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
To: swp@swp.pp.ru
Cc: csjp@freebsd.org
Subject: Re: why required root privileges to set multicast options now?
Message-ID: <Pine.NEB.3.96L.1041010110526.26690C-100000@fledge.watson.org>
In-Reply-To: <20041010065909.GA8177@swp.bspu.secna.ru>

On Sun, 10 Oct 2004 swp@swp.pp.ru wrote:

> FreeBSD 5.3-BETA7 Sun Oct 10 18:50:14 OMSST 2004
>
> ospfd (net/quagga from ports) run with credentials of quagga:quagga and
> unable to set multicast options now.
>
> OSPF: can't setsockopt IP_ADD_MEMBERSHIP (AllSPFRouters): \
>   Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_LOOP(0): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_TTL(1): Operation not permitted
> OSPF: can't setsockopt IP_MULTICAST_IF: Operation not permitted
>
> 5.2-CURRENT and 5.2.1 have no problem.

This appears to have been introduced as a result of changes to permit root
to bind raw sockets in jail. In particular, the likely control flow path
to get the above errors was to perform setsockopt() on a UDP socket, which
probably works its way down to in_control() to ip_ctloutput(). This would
also explain why sdr stopped working for me a little while ago (I figured
it was a bad package build). I've CC'd Christian as he might have some
insight into how to clean this up.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research