From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 239393] connect(2) returns EACCESS in vnet jail
Date: Tue, 23 Jul 2019 05:56:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239393

Bug ID: 239393
Summary: connect(2) returns EACCESS in vnet jail
Product: Base System
Version: 12.0-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: yuri@freebsd.org

All connect(2) calls fail in the vnet jail, for example:
> 20421 ssh CALL socket(PF_INET,0x1,IPPROTO_TCP)
> 20421 ssh RET socket 3
> 20421 ssh CALL fcntl(0x3,F_SETFD,FD_CLOEXEC)
> 20421 ssh RET fcntl 0
> 20421 ssh CALL connect(0x3,0x8002770b0,0x10)
> 20421 ssh STRU struct sockaddr { AF_INET, 192.168.5.1:22 }
> 20421 ssh RET connect -1 errno 13 Permission denied

In jail:
> $ ifconfig
> lo0: flags=8049 metric 0 mtu 16384
>         options=680003
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>         groups: lo
>         nd6 options=21
> ng0_rsnapshot: flags=8843 metric 0 mtu 1500
>         options=28
>         ether 02:f8:e0:1a:a7:22
>         inet 192.168.5.203 netmask 0xffffff00 broadcast 192.168.5.255
>         inet6 fe80::f8:e0ff:fe1a:a722%ng0_rsnapshot prefixlen 64 scopeid 0x2
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         nd6 options=21

ng0_rsnapshot has been created using /usr/src/share/examples/jails/jng:
> jng bridge rsnapshot sk0

ng0_rsnapshot is a netgraph-based pseudo-interface connected to ng_bridge:
> $ sudo ngctl list
> There are 4 total nodes:
> Name: sk0bridge Type: bridge ID: 00000054 Num hooks: 3
> Name: ng0_rsnapshot Type: eiface ID: 00000059 Num hooks: 1
> Name: ngctl20803 Type: socket ID: 0000005d Num hooks: 0
> Name: sk0 Type: ether ID: 0000002d Num hooks: 2

The problem: the man page connect(2) only says that EACCES can occur for broadcast requests:
> [EACCES] An attempt is made to connect to a broadcast address
>          (obtained through the INADDR_BROADCAST constant or the
>          INADDR_NONE return value) through a socket that does
>          not provide broadcast functionality.

At least this man page is wrong because it doesn't list the cause of EACCES in my case.

The EACCES failure is also possibly a bug, because it's hard to see what is wrong, why it can't connect in a normal way, or return a normal socket-specific error code?
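A diagnostic sketch for the report above, added here and not part of the original message or of FreeBSD: it parses the kdump records and the jail's ifconfig address line quoted in the report and checks whether a connect(2) that failed with errno 13 targeted a broadcast address, the only EACCES cause the quoted man page text lists. Function names are hypothetical, and the sample input is an abbreviated copy of the report's output.

```python
import ipaddress
import re

# Sample input: abbreviated copy of the kdump and ifconfig lines in the report.
KDUMP = """\
20421 ssh CALL connect(0x3,0x8002770b0,0x10)
20421 ssh STRU struct sockaddr { AF_INET, 192.168.5.1:22 }
20421 ssh RET connect -1 errno 13 Permission denied
"""
IFCONFIG = "inet 192.168.5.203 netmask 0xffffff00 broadcast 192.168.5.255"

SOCKADDR = re.compile(r"STRU\s+struct sockaddr \{ AF_INET, ([\d.]+):(\d+) \}")
RET = re.compile(r"RET\s+connect -1 errno (\d+)")
INET = re.compile(r"inet ([\d.]+) netmask (0x[0-9a-f]{8})")


def broadcast_addresses(ifconfig_text):
    """Limited broadcast plus the directed broadcast of every inet line."""
    found = {ipaddress.IPv4Address("255.255.255.255")}
    for addr, mask in INET.findall(ifconfig_text):
        netmask = ipaddress.IPv4Address(int(mask, 16))
        net = ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False)
        found.add(net.broadcast_address)
    return found


def failed_connects(kdump_text):
    """Yield (pid, destination, port, errno) for each failed connect(2)."""
    pending = {}  # pid -> (destination, port) from the last STRU record seen
    for line in kdump_text.splitlines():
        pid = line.split(None, 1)[0] if line.strip() else None
        if (m := SOCKADDR.search(line)):
            pending[pid] = (ipaddress.IPv4Address(m.group(1)), int(m.group(2)))
        elif (m := RET.search(line)) and pid in pending:
            yield (pid, *pending.pop(pid), int(m.group(1)))


def classify(kdump_text, ifconfig_text):
    """Label each EACCES (errno 13) failure as documented or unexplained."""
    bcasts = broadcast_addresses(ifconfig_text)
    return [(str(dst), port, "documented: broadcast destination"
             if dst in bcasts else "not covered by connect(2) EACCES text")
            for _pid, dst, port, err in failed_connects(kdump_text) if err == 13]
```

For the trace in the report, `classify(KDUMP, IFCONFIG)` labels the connect to 192.168.5.1:22 as not covered by the documented EACCES case, which is the mismatch the reporter describes.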