Re: Can't bind to port 80 from inside a Guix container
From: Edouard Klein
Subject: Re: Can't bind to port 80 from inside a Guix container
Date: Wed, 28 Apr 2021 21:12:11 +0200
User-agent: mu4e 1.4.15; emacs 27.1
Dear all,
I solved my problem by simply unprivileging all ports on the system:
# echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
# sysctl --system
Now anybody can bind to any port.
I wish we were on Plan 9 where filesystem permissions apply to the
network too, but we have to use a half-a-century-old API instead. I hate
port numbers with a passion.
Anyway. That works, I'm happy. I hope it can be useful to somebody else.
Cheers,
Edouard.
edk@beaver-labs.com writes:
> Dear fellow Guixers,
>
> I'm trying to run nginx with `guix system container --network toto.scm`,
> and I get the following error:
>
> nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
>
> despite the container script being launched with sudo.
>
> I got a root shell inside the container, checked that the corresponding
> process also belongs to root from outside the container, and still don't
> have the right to bind to port 80, with any software (this is not an
> nginx error).
>
> netcat lets me launch `nc -l 80` but I can't reach it, I don't think it
> is actually binding.
>
> Is this a known problem or limitation of guix containers?
>
> What do you suggest to try to troubleshoot this issue?
>
> Cheers,
>
> Edouard.
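
A check for the setting used in the reply above, as an added example that is not part of the original message: it reports which sysctl.d drop-in sets net.ipv4.ip_unprivileged_port_start and which ports still need CAP_NET_BIND_SERVICE. The function names are hypothetical, and only one directory is scanned, which is a simplification of what `sysctl --system` reads.

```shell
#!/bin/sh
# Added example (not from the original post): audit ip_unprivileged_port_start.

# Print "<value> <file>" for the last assignment found in DIR/*.conf
# (lexical order, later files win). Assumption: only DIR is scanned, while
# `sysctl --system` also reads other directories such as /usr/lib/sysctl.d.
effective_port_start() {
    dir=$1
    result=""
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Strip indentation, skip # and ; comments, accept "a.b" or "a/b"
        # key spelling, an optional leading "-", and spaces around "=".
        v=$(sed -n -e 's/^[[:space:]]*//' -e '/^[#;]/d' \
            -e 's|^-\{0,1\}net[./]ipv4[./]ip_unprivileged_port_start[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$|\1|p' \
            "$f" | tail -n 1)
        if [ -n "$v" ]; then result="$v $f"; fi
    done
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Exit 0 when binding PORT ($1) still needs CAP_NET_BIND_SERVICE under START ($2).
needs_capability() {
    [ "$1" -lt "$2" ]
}

# Describe what a threshold means for the privileged port range.
classify_port_start() {
    case $1 in
        0)    echo "no privileged ports" ;;
        1024) echo "kernel default" ;;
        *)    echo "ports below $1 privileged" ;;
    esac
}

# Live check of the running system, skipped where the sysctl is absent.
proc=/proc/sys/net/ipv4/ip_unprivileged_port_start
if [ -r "$proc" ]; then
    cur=$(cat "$proc")
    echo "kernel: $cur ($(classify_port_start "$cur"))"
    effective_port_start /etc/sysctl.d || echo "no drop-in in /etc/sysctl.d sets it"
    for p in 22 80 443; do
        if needs_capability "$p" "$cur"; then echo "port $p: privileged"
        else echo "port $p: any user may bind"; fi
    done
fi
```

With a threshold of 80 instead of 0, port 80 becomes bindable by any user while lower ports such as 22 stay privileged.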