我想在Debian Lenny上的chroot监狱中运行dhcpd3。目前,我可以在监狱中以root身份运行它。
现在我想以非root用户身份运行它(类似BIND的“-u blah -t /path/to/jail”选项)。
如果我这样启动进程:
start-stop-daemon --chroot /home/jails/dhcp --chuid dhcp \
    --start --pidfile /home/jails/dhcp/var/run/dhcp.pid --exec /usr/sbin/dhcpd3
我遇到这些错误:
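Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
unable to create icmp socket: Operation not permitted
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Open a socket for LPF: Operation not permitted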
strace:
brk(0)= 0x911b000 fcntl64(0,F_GETFD)= 0 fcntl64(1,F_GETFD)= 0 fcntl64(2,F_GETFD)= 0 访问(“/ etc / suid-debug”,F_OK)= -1 ENOENT(没有这样的文件或目录) 访问(“/ etc / ld.so.nohwcap”,F_OK)= -1 ENOENT(没有这样的文件或目录) mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb775d000 访问(“/ etc / ld.so.preload”,R_OK)= -1 ENOENT(没有这样的文件或目录) 打开(“/ etc / ld.so.cache”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / tls / i686 / cmov / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / tls / i686 / cmov”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / tls / i686 / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / tls / i686”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / tls / cmov / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / tls / cmov”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / tls / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / tls”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / i686 / cmov / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i686 / cmov”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / i686 / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i686”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / cmov / libc.so.6”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / cmov”,0xbfc2ac84)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / libc.so.6”,O_RDONLY)= 3 (3,“\ 177ELF \ 1 \ 1 \ 1 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 3 \ 0 \ 3 \ 0 \ 1 \ 1 \ 0004 \ 0 \ 0 \ 0t“...,512)= 512 fstat64(3,{st_mode = S_IFREG | 0755,st_size = 1294572,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb775c000 mmap2(NULL,1300080,PROT_READ | PROT_EXEC,MAP_PRIVATE | MAP_DENYWRITE,3,0)= 0xb761e000 mmap2(0xb7756000,12288,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_FIXED | MAP_DENYWRITE,3,0x138)= 0xb7756000 mmap2(0xb7759000,9840,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS,-1,0)= 0xb7759000 closures(3)= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb761d000 
set_thread_area({entry_number:-1 - > 6,base_addr:0xb761d6b0,limit:1048575,seg_32bit:1,内容:0,read_exec_only:0,limit_in_pages:1,seg_not_present:0,可用:1})= 0 mprotect(0xb7756000,4096,PROT_READ)= 0 打开(“/ dev / null”,O_RDWR)= 3 closures(3)= 0 brk(0)= 0x911b000 brk(0x913c000)= 0x913c000 套接字(PF_FILE,SOCK_DGRAM,0)= 3 fcntl64(3,F_SETFD,FD_CLOEXEC)= 0 connect(3,{sa_family = AF_FILE,path =“/ dev / log”...},110)= 0 时间(NULL)= 1284760816 打开(“/ etc / localtime”,O_RDONLY)= 4 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb761c000 read(4,“TZif2 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ f \ 0 \ 0 \ 0 \ f \ 0 \ 0 \ 0 \ 0 \ 0“...,4096)= 2945 _llseek(4,-28,[2917],SEEK_CUR)= 0 (4,\ nCET-1CEST,M3.5.0,M10.5.0 / 3 \ n“...,4096)= 28 closures(4)= 0 munmap(0xb761c000,4096)= 0 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:实习生”,73,MSG_NOSIGNAL)= 73 写(2,“Internet Systems Consortium DHCP”...,46 Internet System Consortium DHCP Server V3.1.1)= 46 写(2,“\ n”...,1 )= 1 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“Sep 18 00:00:16 dhcpd:Copyri”...,75,MSG_NOSIGNAL)= 75 写(2,“Copyright 2004-2008 Internet Syst”...,48Copyright 2004-2008 Internet Systems Consortium。)= 48 写(2,“\ n”...,1 )= 1 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“Sep 18 00:00:16 dhcpd:All ri”...,47,MSG_NOSIGNAL)= 47 写(2,“保留所有权利。”,20All rights reserved。)= 20 写(2,“\ n”...,1 )= 1 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:对于在...中,77,MSG_NOSIGNAL)= 77 写(2,“有关信息,请访问http:// www”...,50有关信息,请访问http://www.isc.org/sw/dhcp/)= 50 写(2,“\ n”...,1 )= 1 套接字(PF_FILE,SOCK_STREAM,0)= 4 fcntl64(4,F_SETFL,O_RDWR | O_NONBLOCK)= 0 
connect(4,{sa_family = AF_FILE,path =“/ var / run / nscd / socket”...},110)= -1 ENOENT(没有这样的文件或目录) closures(4)= 0 套接字(PF_FILE,SOCK_STREAM,0)= 4 fcntl64(4,F_SETFL,O_RDWR | O_NONBLOCK)= 0 connect(4,{sa_family = AF_FILE,path =“/ var / run / nscd / socket”...},110)= -1 ENOENT(没有这样的文件或目录) closures(4)= 0 打开(“/ etc / nsswitch.conf”,O_RDONLY)= 4 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 475,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb761c000 读取(4,“#/etc/nsswitch.conf\n#\n#例子”...,4096)= 475 读(4,“...,4096)= 0 closures(4)= 0 munmap(0xb761c000,4096)= 0 打开(“/ lib / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / tls / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / tls / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / tls / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / tls / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ usr / lib / tls / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / tls / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ usr / lib / tls / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / tls”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ usr / lib / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ usr / lib / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ usr / lib / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / tls / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / tls / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ 
lib / i486-linux-gnu / tls / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / tls / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / tls / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / tls / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / tls / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / tls”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ lib / i486-linux-gnu / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ lib / i486-linux-gnu”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / tls / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / tls / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / tls / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / tls / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / tls / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / tls / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / tls / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / tls”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / i686 / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / 
lib / i486-linux-gnu / i686 / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / i686 / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / i686”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / cmov / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu / cmov”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) open(“/ usr / lib / i486-linux-gnu / libnss_db.so.2”,O_RDONLY)= -1 ENOENT(没有这样的文件或目录) stat64(“/ usr / lib / i486-linux-gnu”,0xbfc2ad5c)= -1 ENOENT(没有这样的文件或目录) 打开(“/ lib / libnss_files.so.2”,O_RDONLY)= 4 (4,“\ 177ELF \ 1 \ 1 \ 1 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 3 \ 0 \ 3 \ 0 \ 1 \ 30 \ 0 \ 0004 \ 0 \ 0 \ 0 \ 250“...,512)= 512 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 38408,...})= 0 mmap2(NULL,41624,PROT_READ | PROT_EXEC,MAP_PRIVATE | MAP_DENYWRITE,4,0)= 0xb7612000 mmap2(0xb761b000,8192,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_FIXED | MAP_DENYWRITE,4,0x8)= 0xb761b000 closures(4)= 0 打开(“/ etc / services”,O_RDONLY | O_CLOEXEC)= 4 fcntl64(4,F_GETFD)= 0x1(标志FD_CLOEXEC) fstat64(4,{st_mode = S_IFREG | 0644,st_size = 18480,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb7611000 阅读(4,“#networking服务,互联网服务”,4096)= 4096 读取(4,“9 / tcp \ t \ t \ t \ t#Quick Mail Transfer Pr”...,4096)= 4096 (4,“note \ t1352 / tcp \ tlotusnotes \ t#Lotus”...,4096)= 4096 阅读(4,“tion \ nafs3 - kaserver \ t7004 / udp \ nafs3 - ”...,4096)= 4096 (4,“backup \ t2989 / tcp \ t \ t \ t#Afmbackup sys”...,4096)= 2096 读(4,“...,4096)= 0 closures(4)= 0 munmap(0xb7611000,4096)= 0 时间(NULL)= 1284760816 打开(“/ etc / protocols”,O_RDONLY | O_CLOEXEC)= 4 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 2626,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb7611000 (4,“#Internet(IP)protocols \ n#\ n#Upd”...,4096)= 2626 closures(4)= 0 munmap(0xb7611000,4096)= 0 套接字(PF_INET,SOCK_RAW,IPPROTO_ICMP)= -1 EPERM(不允许操作) 时间(NULL)= 1284760816 
stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 send(3,“Sep 18 00:00:16 dhcpd:unable”...,80,MSG_NOSIGNAL)= 80 写(2,“无法创buildicmp socket:ope”...,53无法创buildicmp socket:不允许操作)= 53 写(2,“\ n”...,1 )= 1 打开(“/ etc / dhcp3 / dhcpd.conf”,O_RDONLY)= 4 lseek(4,0,SEEK_END)= 1426 lseek(4,0,SEEK_SET)= 0 阅读(4,“#---------------------------- \ n#G”...,1426)= 1426 closures(4)= 0 mmap2(NULL,401408,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb75b0000 mmap2(NULL,401408,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb754e000 mmap2(NULL,401408,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb74ec000 brk(0x916f000)= 0x916f000 closures(3)= 0 套接字(PF_FILE,SOCK_DGRAM,0)= 3 fcntl64(3,F_SETFD,FD_CLOEXEC)= 0 connect(3,{sa_family = AF_FILE,path =“/ dev / log”...},110)= 0 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“Sep 18 00:00:16 dhcpd:Inter”...,74,MSG_NOSIGNAL)= 74 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“Sep 18 00:00:16 dhcpd:Copyr”...,76,MSG_NOSIGNAL)= 76 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 send(3,“Sep 18 00:00:16 dhcpd:All r”...,48,MSG_NOSIGNAL)= 48 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 send(3,“Sep 18 00:00:16 dhcpd:For i”...,78,MSG_NOSIGNAL)= 78 打开(“/ var / lib / dhcp3 / dhcpd.leases”,O_RDONLY)= 4 lseek(4,0,SEEK_END)= 126 lseek(4,0,SEEK_SET)= 0 读(4,“#这个文件的格式是文件”...,126)= 126 closures(4)= 0 打开(“/ var / lib / dhcp3 / dhcpd.leases”,O_WRONLY | O_CREAT | O_APPEND,0666)= 4 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 126,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb74eb000 fstat64(4,{st_mode = S_IFREG | 0644,st_size = 126,...})= 0 _llseek(4,126,[126],SEEK_SET)= 0 时间(NULL)= 1284760816 时间(NULL)= 1284760816 打开(“/ var / lib / dhcp3 / 
dhcpd.leases.1284760816”,O_WRONLY | O_CREAT | O_TRUNC,0664)= 5 fcntl64(5,F_GETFL)= 0x1(标志O_WRONLY) fstat64(5,{st_mode = S_IFREG | 0644,st_size = 0,...})= 0 mmap2(NULL,4096,PROT_READ | PROT_WRITE,MAP_PRIVATE | MAP_ANONYMOUS,-1,0)= 0xb74ea000 _llseek(5,0,[0],SEEK_CUR)= 0 closures(4)= 0 munmap(0xb74eb000,4096)= 0 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:写”...,70,MSG_NOSIGNAL)= 70 写(2,“写0删除主机退出”...,42写0删除主机退出租用文件。)= 42 写(2,“\ n”...,1 )= 1 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:写”...,74,MSG_NOSIGNAL)= 74 写入(2,“写入0新dynamic主机删除”,... 46,写入0新dynamic主机删除出租文件。)= 46 写(2,“\ n”...,1 )= 1 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:写”...,58,MSG_NOSIGNAL)= 58 写(2,“出租文件写0租约”,... 30,写租约文件0份)= 30 写(2,“\ n”...,1 )= 1 写(5,“#这个文件的格式是文件”...,126)= 126 fsync(5)= 0 unlink(“/ var / lib / dhcp3 / dhcpd.leases〜”)= 0 链接(“/ var / lib / dhcp3 / dhcpd.leases”,“/var/lib/dhcp3/dhcpd.leases~”)= 0 重命名(“/ var / lib / dhcp3 / dhcpd.leases.1284760816”,“/var/lib/dhcp3/dhcpd.leases”)= 0 套接字(PF_INET,SOCK_DGRAM,IPPROTO_UDP)= 4 ioctl(4,SIOCGIFCONF,{0 - > 64,NULL})= 0 ioctl(4,SIOCGIFCONF {64,{{“lo”,{AF_INET,inet_addr(“127.0.0.1”)}},{“eth0”,{AF_INET,inet_addr(“192.168.0.10”)}}}}) = 0 ioctl(4,SIOCGIFFLAGS,{ifr_name =“lo”,ifr_flags = IFF_UP | IFF_LOOPBACK | IFF_RUNNING})= 0 ioctl(4,SIOCGIFFLAGS,{ifr_name =“eth0”,ifr_flags = IFF_UP | IFF_BROADCAST | IFF_RUNNING | IFF_MULTICAST})= 0 ioctl(4,SIOCGIFHWADDR,{ifr_name =“eth0”,ifr_hwaddr = 00:c0:26:87:55:c0})= 0 socket(PF_PACKET,SOCK_PACKET,768)= -1 EPERM(操作不允许) 时间(NULL)= 1284760816 stat64(“/ etc / localtime”,{st_mode = S_IFREG | 0644,st_size = 2945,...})= 0 发送(3,“9月18日00:00:16 dhcpd:打开”...,74,MSG_NOSIGNAL)= 74 写入(2,“打开LPF的套接字:操作”...,46打开LPF的套接字:不允许操作)= 46 写(2,“\ n”...,1 )= 1 exit_group(1)=?
我知道dhcpd需要在端口67上创建套接字……但我不知道如何在chroot中授权它这样做。
有什么想法吗?
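要绑定到1024以下的端口,通常需要超级用户权限或CAP_NET_BIND_SERVICE能力(capability,请参阅capabilities(7))。
另外请注意,上面strace中返回EPERM的两个调用是socket(PF_INET,SOCK_RAW,IPPROTO_ICMP)和socket(PF_PACKET,SOCK_PACKET,768);根据capabilities(7),原始套接字和数据包套接字需要的是CAP_NET_RAW,仅有CAP_NET_BIND_SERVICE并不足以消除这两个错误。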
您可以使用setcap实用程序(软件包libcap2-bin)设置CAP_NET_BIND_SERVICE能力,