unofficial mirror of help-guix@gnu.org 
* Can't bind to port 80 from inside a Guix container
From: edk @ 2021-04-21 15:11 UTC
  To: help-guix

Dear fellow Guixers,

I'm trying to run nginx with `guix system container --network toto.scm`,
and I get the following error:

nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)

despite the container script being launched with sudo.

I got a root shell inside the container, checked that the corresponding
process also belongs to root from outside the container, and still don't
have the right to bind to port 80, with any software (this is not an
nginx error).

netcat lets me launch `nc -l 80` but I can't reach it, I don't think it
is actually binding.

Is this a known problem or limitation of guix containers?

What do you suggest to try to troubleshoot this issue?

Cheers,

Edouard.



* Re: Can't bind to port 80 from inside a Guix container
From: Edouard Klein @ 2021-04-28 19:12 UTC
  To: help-guix

Dear all,

I solved my problem by simply unprivileging all ports on the system:
# echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
# sysctl --system


Now anybody can bind to any port.

I wish we were on Plan 9 where filesystem permissions apply to the
network too, but we have to use a half-a-century old API instead. I hate
port numbers with a passion.

Anyway. That works, I'm happy. I hope it can be useful to somebody else.

Cheers,

Edouard.

edk@beaver-labs.com writes:

> Dear fellow Guixers,
>
> I'm trying to run nginx with `guix system container --network toto.scm`,
> and I get the following error:
>
> nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
>
> despite the container script being launched with sudo.
>
> I got a root shell inside the container, checked that the corresponding
> process also belongs to root from outside the container, and still don't
> have the right to bind to port 80, with any software (this is not an
> nginx error).
>
> netcat lets me launch `nc -l 80` but I can't reach it, I don't think it
> is actually binding.
>
> Is this a known problem or limitation of guix containers?
>
> What do you suggest to try to troubleshoot this issue?
>
> Cheers,
>
> Edouard.
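
Added example, not part of the original thread: a small Python audit that parses a sysctl.d-style file for `net.ipv4.ip_unprivileged_port_start`, reports which listening ports any local user may then bind, and reproduces the bind() check that produced "13: Permission denied" (EACCES). The function names and the `NARROW_CONF` value of 80 are assumptions made for this example; `PAGE_CONF` is the setting from the message above.

```python
import errno
import socket

KEY = "net.ipv4.ip_unprivileged_port_start"
DEFAULT_START = 1024  # kernel default: ports below this need CAP_NET_BIND_SERVICE
# Constructed sample inputs (sysctl.d file contents).
PAGE_CONF = "net.ipv4.ip_unprivileged_port_start=0\n"  # setting used in the thread
NARROW_CONF = "# constructed alternative\nnet/ipv4/ip_unprivileged_port_start = 80\n"


def configured_start(conf_text, default=DEFAULT_START):
    """Return the threshold a sysctl.d-style file sets (last assignment wins)."""
    start = default
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        name, sep, value = line.partition("=")
        # sysctl.d accepts a leading '-' and '/' as the key separator
        if sep and name.strip().lstrip("-").replace("/", ".") == KEY:
            start = int(value.strip())
    return start


def needs_capability(port, start):
    """True if binding `port` requires CAP_NET_BIND_SERVICE (port 0 = ephemeral)."""
    return 0 < port < start


def bind_result(port, host="0.0.0.0"):
    """Attempt a TCP bind; return 'ok' or the errno name (EACCES is error 13)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
            return "ok"
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))


def audit(conf_text, ports=(22, 80, 443)):
    """Map each port to who may bind it once conf_text is applied."""
    start = configured_start(conf_text)
    return {p: "CAP_NET_BIND_SERVICE" if needs_capability(p, start) else "any user"
            for p in ports}


if __name__ == "__main__":
    print("bind 0.0.0.0:80 ->", bind_result(80))
    for label, conf in (("thread setting", PAGE_CONF), ("narrower", NARROW_CONF)):
        print(label, "->", audit(conf))
```

With the thread's value of 0, every port including 22 is bindable by any local user; a threshold of 80 still lets the web server bind while keeping lower ports such as SSH privileged.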


