Date: Tue, 23 Jul 2019 05:56:24 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 239393] connect(2) returns EACCESS in vnet jail
Message-ID: <bug-239393-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239393

            Bug ID: 239393
           Summary: connect(2) returns EACCESS in vnet jail
           Product: Base System
           Version: 12.0-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: yuri@freebsd.org

All connect(2) calls fail in the vnet jail, for example:
> 20421 ssh      CALL  socket(PF_INET,0x1<SOCK_STREAM>,IPPROTO_TCP)
> 20421 ssh      RET   socket 3
> 20421 ssh      CALL  fcntl(0x3,F_SETFD,FD_CLOEXEC)
> 20421 ssh      RET   fcntl 0
> 20421 ssh      CALL  connect(0x3,0x8002770b0,0x10)
> 20421 ssh      STRU  struct sockaddr { AF_INET, 192.168.5.1:22 }
> 20421 ssh      RET   connect -1 errno 13 Permission denied

In jail:
> $ ifconfig
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>         groups: lo
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> ng0_rsnapshot: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=28<VLAN_MTU,JUMBO_MTU>
>         ether 02:f8:e0:1a:a7:22
>         inet 192.168.5.203 netmask 0xffffff00 broadcast 192.168.5.255
>         inet6 fe80::f8:e0ff:fe1a:a722%ng0_rsnapshot prefixlen 64 scopeid 0x2
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ng0_rsnapshot has been created using /usr/src/share/examples/jails/jng:
> jng bridge rsnapshot sk0

ng0_rsnapshot is a netgraph-based pseudo-interface connected to ng_bridge:
> $ sudo ngctl list
> There are 4 total nodes:
>   Name: sk0bridge       Type: bridge          ID: 00000054   Num hooks: 3
>   Name: ng0_rsnapshot   Type: eiface          ID: 00000059   Num hooks: 1
>   Name: ngctl20803      Type: socket          ID: 0000005d   Num hooks: 0
>   Name: sk0             Type: ether           ID: 0000002d   Num hooks: 2

The problem: the man page connect(2) only says that EACCES can occur for
broadcast requests:
> [EACCES]           An attempt is made to connect to a broadcast address
>                    (obtained through the INADDR_BROADCAST constant or the
>                    INADDR_NONE return value) through a socket that does
>                    not provide broadcast functionality.

At least this man page is wrong because it doesn't list the cause of EACCES in
my case.

The EACCES failure is also possibly a bug, because it's hard to see what is
wrong, why it can't connect in a normal way, or return a normal socket-specific
error code?

-- 
You are receiving this mail because:
You are the assignee for the bug.