From mboxrd@z Thu Jan 1 00:00:00 1970
From: edk@beaver-labs.com
To: help-guix@gnu.org
Subject: Can't bind to port 80 from inside a Guix container
Message-ID: <878s5b7jvv.fsf@rdklein.fr>
Date: Wed, 21 Apr 2021 17:11:16 +0200
User-agent: mu4e 1.4.15; emacs 27.1
MIME-Version: 1.0
Content-Type: text/plain

Dear fellow Guixers,

I'm trying to run nginx with `guix system container --network toto.scm`, and I get the following
error:

    nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

despite the container script being launched with sudo.

I got a root shell inside the container, checked that the corresponding process also belongs to root from outside the container, and still don't have the right to bind to port 80, with any software (this is not an nginx error). netcat lets me launch `nc -l 80` but I can't reach it; I don't think it is actually binding.

Is this a known problem or limitation of Guix containers? What do you suggest to try to troubleshoot this issue?

Cheers,

Edouard.
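
A triage sketch for the symptom reported above (EACCES on a low port while running as root), added here as an example and not part of the original message. It relies on the Linux rule that binding below `ip_unprivileged_port_start` needs CAP_NET_BIND_SERVICE in the user namespace that owns the network namespace. It assumes, without the message confirming it, that the container runs in a child user namespace; the function names and sample `/proc` contents are constructed.

```python
"""Triage for EACCES on bind() to a low port when the process is root."""
from pathlib import Path

CAP_NET_BIND_SERVICE = 10  # bit index from linux/capability.h
PROC = Path("/proc")


def has_cap(status_text, cap=CAP_NET_BIND_SERVICE):
    """True if the CapEff mask from /proc/<pid>/status has the bit set."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> cap) & 1)
    raise ValueError("no CapEff line in status text")


def in_child_userns(uid_map_text):
    """The initial user namespace maps uid 0 -> 0 over the full 32-bit range."""
    rows = [tuple(int(f) for f in l.split())
            for l in uid_map_text.splitlines() if l.strip()]
    return rows != [(0, 0, 4294967295)]


def triage(port, status_text, uid_map_text, unpriv_start):
    """Classify why bind() to `port` may be refused with EACCES."""
    if port >= unpriv_start:
        return "port is not privileged; check LSM policy instead"
    if not has_cap(status_text):
        return "CAP_NET_BIND_SERVICE missing from the effective set"
    if in_child_userns(uid_map_text):
        return ("capability held only inside a child user namespace; it does "
                "not apply when the network namespace belongs to the host")
    return "capability present in the initial namespace; check LSM/seccomp"


def triage_live(port):
    """Same checks against this process's own /proc entries (Linux only)."""
    start = PROC / "sys/net/ipv4/ip_unprivileged_port_start"
    return triage(port,
                  (PROC / "self/status").read_text(),
                  (PROC / "self/uid_map").read_text(),
                  int(start.read_text()))


# Constructed sample: uid 0 inside a user namespace mapped to host uid 1000.
SAMPLE_STATUS = "Name:\tnginx\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"
SAMPLE_UID_MAP = "         0       1000          1\n"

if __name__ == "__main__":
    print(triage(80, SAMPLE_STATUS, SAMPLE_UID_MAP, 1024))
```

Running `triage_live(80)` from the root shell inside the container applies the same checks to the real `/proc` files.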