fsquillace / junest

The lightweight Arch Linux based distro that runs, without root privileges, on top of any other Linux distro.
GNU General Public License v3.0

Port binding #124

Closed theoden8 closed 9 years ago

theoden8 commented 9 years ago

Good time of the day,

I found it unable to bind a port on a machine where I do not have root access. Neither ping, netcat nor nmap works:

$ ping localhost
ping: icmp open socket: Operation not permitted

$ nmap localhost

Starting Nmap 6.47 ( http://nmap.org ) at 2015-11-05 20:30 UTC
socket troubles in Init: Operation not permitted (1)

(junest) $ nc -l 49325
(normal) $ nc 127.0.0.1 49325
Ncat: Connection refused.

Without junest all of them work ok.

fsquillace commented 9 years ago

Hi,

The problem is partially explained here: https://github.com/fsquillace/junest#suid-permissions

To be more precise the ping command requires capabilities:

$ getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

At the moment, the only way to run such commands with JuNest is in root mode:

sudo junest -r
[root@myarch /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=8.28 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=8.80 ms

Another interesting thread is: https://bbs.archlinux.org/viewtopic.php?id=146249

theoden8 commented 9 years ago

No. Unfortunately, this does not work.

[ root > ] $ getcap /usr/bin/ping
Failed to get capabilities of file `/usr/bin/ping' (Operation not supported)

[ root > ] $ ping localhost
ping: icmp open socket: Operation not permitted
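
Added example, not part of the thread or of the JuNest project: a small diagnostic for the failure discussed above. It decodes the `CapEff` mask of a process from `/proc/<pid>/status` to show whether `cap_net_raw` is actually held, and tries the same raw ICMP socket open that ping performs. The function names and the two sample status texts are constructed for illustration.

```python
import errno
import socket

# Network-related capability bit numbers from <linux/capability.h>.
NET_CAPS = {
    10: "cap_net_bind_service",
    11: "cap_net_broadcast",
    12: "cap_net_admin",
    13: "cap_net_raw",
}

def effective_caps(status_text):
    """Return the CapEff bitmask found in /proc/<pid>/status content."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def net_caps_held(status_text):
    """Names of the network capabilities set in the effective mask."""
    mask = effective_caps(status_text)
    return [name for bit, name in sorted(NET_CAPS.items()) if mask >> bit & 1]

def can_ping(status_text):
    """ping's raw ICMP socket needs cap_net_raw in the effective set."""
    return "cap_net_raw" in net_caps_held(status_text)

def probe_raw_icmp():
    """Try the socket() call ping makes; return 'ok' or the errno name."""
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    s.close()
    return "ok"

# Constructed samples: a process with no capabilities, and one with only
# cap_net_raw (bit 13 -> 0x2000), as "cap_net_raw+ep" on the binary would give.
NO_CAPS = "Name:\tping\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"
NET_RAW_ONLY = "Name:\tping\nCapPrm:\t0000000000002000\nCapEff:\t0000000000002000\n"

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        status = fh.read()
    print("network capabilities held:", net_caps_held(status) or "none")
    print("raw ICMP socket:", probe_raw_icmp())
```

Run inside and outside the JuNest session to compare: an `EPERM` result together with no `cap_net_raw` in the list matches the "Operation not permitted" output shown in the thread.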