是否可以在 chroot jail 中以非 root 用户身份运行 dhcpd3?

是否可以在 chroot jail 中以非 root 用户身份运行 dhcpd3?

我想在 Debian Lenny 上从 chroot jail 中运行 dhcpd3。目前,我可以在 jail 中以 root 身份运行它。

现在我想以非 root 用户身份执行此操作(就像 BIND 的“-u blah -t /path/to/jail”选项那样)。

如果我像这样开始我的过程:

start-stop-daemon --chroot /home/jails/dhcp --chuid dhcp \
--start --pidfile /home/jails/dhcp/var/run/dhcp.pid --exec /usr/sbin/dhcpd3

我被这些错误困扰:

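Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
unable to create icmp socket: Operation not permitted
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Open a socket for LPF: Operation not permitted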

strace:

brk(0)=0x911b000
fcntl64(0,F_GETFD) = 0
fcntl64(1,F_GETFD) = 0
fcntl64(2,F_GETFD) = 0
access("/etc/suid-debug", F_OK) = -1 ENOENT (没有此文件或目录)
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (没有此文件或目录)
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb775d000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (没有此文件或目录)
open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (没有此文件或目录)
open("/lib/tls/i686/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/tls/i686/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
open("/lib/tls/i686/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/tls/i686", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
open("/lib/tls/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/tls/cmov”, 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
open("/lib/tls/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/tls”,0xbfc2ac84) = -1 ENOENT(没有此文件或目录)
open("/lib/i686/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i686/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
open("/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i686", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
open("/lib/cmov/libc.so.6", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/cmov", 0xbfc2ac84) = -1 ENOENT (没有此文件或目录)
打开(“/lib/libc.so.6”,O_RDONLY)= 3
读取(3,“\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260e\1\0004\0\0\0t” ...,512)= 512
fstat64 (3,{st_mode=S_IFREG|0755,st_size=1294572,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb775c000
mmap2(NULL,1300080,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0xb761e000
mmap2(0xb7756000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x138) = 0xb7756000
mmap2(0xb7759000, 9840, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7759000
关闭(3)= 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761d000
设置线程区域({entry_number:-1 -> 6,base_addr:0xb761d6b0,限制:1048575,seg_32bit:1,内容:0,read_exec_only:0,limit_in_pages:1,seg_not_present:0,可用:1})= 0
mprotect(0xb7756000, 4096, PROT_READ) = 0
打开(“/dev/null”,O_RDWR) = 3
关闭(3)= 0
brk(0)=0x911b000
brk(0x913c000)=0x913c000
套接字(PF_FILE,SOCK_DGRAM,0)= 3
fcntl64(3,F_SETFD,FD_CLOEXEC) = 0
连接(3,{sa_family = AF_FILE,路径“ / dev / log” ...},110)= 0
时间(空)= 1284760816
打开(“/etc/localtime”, O_RDONLY) = 4
fstat64(4,{st_mode=S_IFREG|0644,st_size=2945,...}) = 0
fstat64(4,{st_mode=S_IFREG|0644,st_size=2945,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761c000
读取(4,“TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\f\0\0\0\f\0\0\0\0\0”...,4096)= 2945
_llseek(4,-28,[2917],SEEK_CUR) = 0
读取(4,“\nCET-1CEST,M3.5.0,M10.5.0/3\n”...,4096)= 28
关闭(4)= 0
munmap(0xb761c000, 4096) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:实习生”...,73,MSG_NOSIGNAL)= 73
写入(2,“Internet 系统联盟 DHCP”...,46Internet 系统联盟 DHCP 服务器 V3.1.1)= 46
写入(2,“\n”...,1
)= 1
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:Copyri”...,75,MSG_NOSIGNAL)= 75
写入(2,“版权所有 2004-2008 互联网系统”...,48版权所有 2004-2008 互联网系统联盟。)= 48
写入(2,“\n”...,1
)= 1
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:所有 ri”...,47,MSG_NOSIGNAL)= 47
写入(2,“保留所有权利。”...,20保留所有权利。)= 20
写入(2,“\n”...,1
)= 1
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd: For in”...,77,MSG_NOSIGNAL)= 77
write(2, "有关信息,请访问 http://www"..., 50有关信息,请访问 http://www.isc.org/sw/dhcp/) = 50
写入(2,“\n”...,1
)= 1
套接字(PF_FILE, SOCK_STREAM, 0) = 4
fcntl64(4,F_SETFL,O_RDWR|O_NONBLOCK) = 0
连接(4,{sa_family = AF_FILE,path =“/ var / run / nscd / socket” ...},110)= -1 ENOENT(没有这样的文件或目录)
关闭(4)= 0
套接字(PF_FILE, SOCK_STREAM, 0) = 4
fcntl64(4,F_SETFL,O_RDWR|O_NONBLOCK) = 0
连接(4,{sa_family = AF_FILE,path =“/ var / run / nscd / socket” ...},110)= -1 ENOENT(没有这样的文件或目录)
关闭(4)= 0
打开(“/etc/nsswitch.conf”, O_RDONLY) = 4
fstat64(4,{st_mode=S_IFREG|0644,st_size=475,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb761c000
读取(4,“# /etc/nsswitch.conf\n#\n# 示例“...,4096)= 475
读取(4,“”...,4096)= 0
关闭(4)= 0
munmap(0xb761c000, 4096) = 0
open("/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/tls/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/usr/lib/tls”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录)
open("/usr/lib/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib",0xbfc2ad5c) = -1 ENOENT(没有此文件或目录)
open("/lib/i486-linux-gnu/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i486-linux-gnu/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/lib/i486-linux-gnu/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i486-linux-gnu/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/lib/i486-linux-gnu/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/i486-linux-gnu/tls/cmov”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录)
open("/lib/i486-linux-gnu/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/i486-linux-gnu/tls”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/lib/i486-linux-gnu/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i486-linux-gnu/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/lib/i486-linux-gnu/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/lib/i486-linux-gnu/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/lib/i486-linux-gnu/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/i486-linux-gnu/cmov”,0xbfc2ad5c) = -1 ENOENT(没有此文件或目录)
open("/lib/i486-linux-gnu/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/lib/i486-linux-gnu”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/tls/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/tls/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/tls/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/tls/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/tls/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/tls/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/tls/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64(“/usr/lib/i486-linux-gnu/tls”,0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/i686/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/i686/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/i686/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/i686", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/cmov/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu/cmov", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
open("/usr/lib/i486-linux-gnu/libnss_db.so.2", O_RDONLY) = -1 ENOENT (没有此文件或目录)
stat64("/usr/lib/i486-linux-gnu", 0xbfc2ad5c) = -1 ENOENT (没有此文件或目录)
打开(“/lib/libnss_files.so.2”,O_RDONLY)=4
读取(4,“\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\30\0\0004\0\0\0\250” ...,512)= 512
fstat64 (4,{st_mode=S_IFREG|0644,st_size=38408,...}) = 0
mmap2(NULL,41624,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_DENYWRITE,4,0) = 0xb7612000
mmap2(0xb761b000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE,4,0x8) = 0xb761b000
关闭(4)= 0
打开(“/etc/services”, O_RDONLY|O_CLOEXEC) = 4
fcntl64(4,F_GETFD) = 0x1 (标志 FD_CLOEXEC)
fstat64 (4,{st_mode=S_IFREG|0644,st_size=18480,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb7611000
read(4, "# 网络服务, 互联网风格"..., 4096) = 4096
读取(4,“9/tcp\t\t\t\t# 快速邮件传输协议”...,4096)= 4096
读取(4,“note\t1352/tcp\tlotusnotes\t# Lotus”...,4096)= 4096
读取(4,“tion\nafs3-kaserver\t7004/udp\nafs3-”...,4096)= 4096
读取(4,“backup\t2989/tcp\t\t\t# Afmbackup sys”...,4096)= 2096
读取(4,“”...,4096)= 0
关闭(4)= 0
munmap(0xb7611000, 4096) = 0
时间(空)= 1284760816
打开(“/etc/protocols”,O_RDONLY|O_CLOEXEC) = 4
fstat64(4,{st_mode=S_IFREG|0644,st_size=2626,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb7611000
读取(4,“# Internet(IP)协议\n#\n# Upd”...,4096)= 2626
关闭(4)= 0
munmap(0xb7611000, 4096) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not permitted)
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:无法”...,80,MSG_NOSIGNAL)= 80
写入(2,“无法创建 icmp 套接字:Ope”...,53无法创建 icmp 套接字:操作不允许)= 53
写入(2,“\n”...,1
)= 1
打开(“/etc/dhcp3/dhcpd.conf”,O_RDONLY)= 4
lseek (4,0,SEEK_END) = 1426
lseek (4,0,SEEK_SET) = 0
读取(4,“#----------------------------\n# G”...,1426)= 1426
关闭(4)= 0
mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb75b0000
mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb754e000
mmap2(NULL,401408,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74ec000
brk(0x916f000)=0x916f000
关闭(3)= 0
套接字(PF_FILE,SOCK_DGRAM,0)= 3
fcntl64(3,F_SETFD,FD_CLOEXEC) = 0
连接(3,{sa_family = AF_FILE,路径“ / dev / log” ...},110)= 0
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:Inter”...,74,MSG_NOSIGNAL)= 74
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:Copyr”...,76,MSG_NOSIGNAL)= 76
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:全部 r”...,48,MSG_NOSIGNAL)= 48
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd: 对于 i”...,78,MSG_NOSIGNAL)= 78
打开(“/var/lib/dh​​cp3/dhcpd.leases”,O_RDONLY)= 4
lseek (4,0,SEEK_END) = 126
lseek (4,0,SEEK_SET) = 0
read(4, "# 该文件的格式是 docu"..., 126) = 126
关闭(4)= 0
打开(“/var/lib/dh​​cp3/dhcpd.leases”,O_WRONLY|O_CREAT|O_APPEND,0666)= 4
fstat64(4,{st_mode=S_IFREG|0644,st_size=126,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74eb000
fstat64(4,{st_mode=S_IFREG|0644,st_size=126,...}) = 0
_llseek(4, 126, [126],SEEK_SET) = 0
时间(空)= 1284760816
时间(空)= 1284760816
打开(“/var/lib/dh​​cp3/dhcpd.leases.1284760816”,O_WRONLY|O_CREAT|O_TRUNC,0664)= 5
fcntl64(5,F_GETFL) = 0x1 (标志 O_WRONLY)
fstat64(5,{st_mode=S_IFREG|0644,st_size=0,...}) = 0
mmap2(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0xb74ea000
_llseek(5,0,[0],SEEK_CUR) = 0
关闭(4)= 0
munmap(0xb74eb000, 4096) = 0
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,70,MSG_NOSIGNAL)= 70
写入(2,“将 0 个已删除的主机声明写入 leas 文件”...,42将 0 个已删除的主机声明写入 leases 文件。)= 42
写入(2,“\n”...,1
)= 1
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,74,MSG_NOSIGNAL)= 74
write(2, “将 0 个新的动态主机声明写入”..., 46将 0 个新的动态主机声明写入 leases 文件。) = 46
写入(2,“\n”...,1
)= 1
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:写入”...,58,MSG_NOSIGNAL)= 58
write(2, “将 0 个租约写入租约文件。”..., 30将 0 个租约写入租约文件。) = 30
写入(2,“\n”...,1
)= 1
write(5, "# 该文件的格式是 docu"..., 126) = 126
fsync(5)= 0
取消链接(“/var/lib/dh​​cp3/dhcpd.leases~”)= 0
链接(“/var/lib/dh​​cp3/dhcpd.leases”,“/var/lib/dh​​cp3/dhcpd.leases~”)= 0
重命名(“/var/lib/dh​​cp3/dhcpd.leases.1284760816”,“/var/lib/dh​​cp3/dhcpd.leases”)= 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 4
ioctl(4, SIOCGIFCONF, {0 -> 64, NULL}) = 0
ioctl(4, SIOCGIFCONF, {64, {{"lo", {AF_INET, inet_addr("127.0.0.1")}}, {"eth0", {AF_INET, inet_addr("192.168.0.10")}}}}) = 0
ioctl(4, SIOCGIFFLAGS, {ifr_name="lo", ifr_flags=IFF_UP|IFF_LOOPBACK|IFF_RUNNING}) = 0
ioctl(4, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_MULTICAST}) = 0
ioctl(4, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:c0:26:87:55:c0}) = 0
socket(PF_PACKET, SOCK_PACKET, 768) = -1 EPERM (Operation not permitted)
时间(空)= 1284760816
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2945, ...}) = 0
发送(3,“9 月 18 日 00:00:16 dhcpd:打开”...,74,MSG_NOSIGNAL)= 74
write(2, "为 LPF 打开套接字:操作 "..., 46为 LPF 打开套接字:操作不允许) = 46
写入(2,“\n”...,1
)= 1
exit_group(1) = ?

我知道 dhcpd 需要在端口 67 上创建套接字……但我不知道在 chroot 环境下如何给它授权。

任何想法?

答案1

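要绑定到小于 1024 的端口,通常需要具有超级用户权限,或者具有 CAP_NET_BIND_SERVICE 能力(请参阅 capabilities(7))。注意:上面 strace 中返回 EPERM 的两个调用创建的是原始套接字(SOCK_RAW)和包套接字(PF_PACKET);按 capabilities(7),这类套接字需要的是 CAP_NET_RAW,因此仅授予 CAP_NET_BIND_SERVICE 很可能不足以消除这些错误。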

您可以使用 setcap 实用程序(libcap2-bin 软件包)来授予 CAP_NET_BIND_SERVICE。
