Date: Fri, 23 Aug 2013 10:31:10 -0600 From: Josh Beard <josh@signalboxes.net> To: "Mike C." <miguelmclara@gmail.com> Cc: freebsd-jail@freebsd.org Subject: Re: connect -1 errno 1 Operation not permitted with specific user (nagios) Message-ID: <CAHDrHSuupiWJxAw3arOas1UNCSm_5iqqxn2_eCt84KFiE8wwVA@mail.gmail.com> In-Reply-To: <521790D1.8020705@gmail.com> References: <20130823145305.GZ99960@www.jail.lambertfam.org> <52178F28.9010108@gmail.com> <521790D1.8020705@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 23, 2013 at 10:41 AM, Mike C. <miguelmclara@gmail.com> wrote:
>
> On 08/23/13 16:34, Mike C. wrote:
> > Yes I know about
> >
> >> security.jail.allow_raw_sockets=1
> >
> > Like I said I can do this with "root" just not with the user nagios, I
> guess If raw_sockets was set to 0 on the host, I would have problems with
> any user!
> >
> >
> >
> > ----
> > Putting this in /etc/rc.conf:
> >
> > jail_${JailName}_parameters="allow.raw_sockets=1"
> >
> > does not allow every jail access to raw sockets. There is an example in
> > /etc/defaults/rc.conf.
> >
> >
>
> [EDIT: better englih... sorry typing on smartphones sucks]
>
> Now this is something I wasn't aware of... very nice and thanks for the
> tip on ez-jails, I'm indeed using ez-jails!
>
> Is there any other setting that would forbid non root users to use raw
> sockets?
>
> Thanks
>
>
>
>
Mike,
Doesn't sound to me like an issue with the jail's configuration, but I'm no
expert.
I'm running NRPE on many jails without issue there and without any special
jail configuration.
Are you getting "Operation not permitted" output from the "check_http"
plugin on the local system or over something like NRPE our through the
Nagios configurations?
Josh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHDrHSuupiWJxAw3arOas1UNCSm_5iqqxn2_eCt84KFiE8wwVA>