I'm looking at the potential for having a TX zone serving web pages, thus hopefully restricting its badness potential. I've set the privileges within svc to specs produced by Sun (minus the shared storage - TX doesn't like that). Anyway, the problem I am having is binding to port 80 within the public facing local zone.
My global is configured to share the interface (bold is the zone I'm focussing on):

lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone restricted-tx01
        inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        zone pub-tx01
        inet 127.0.0.1 netmask ff000000
bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        all-zones
        inet 192.168.15.78 netmask ffffff00 broadcast 192.168.15.255
        ether 0:14:4f:6e:ce:3a

My tnzonecfg is as follows - note that I'm still a bit confused if the port 80 should be in the global definition for shared ports:

global:ADMIN_LOW:1:111/tcp;111/udp;515/tcp;631/tcp;2049/tcp;6000-6003/tcp:6000-6003/tcp
pub-tx01:0x0002-08-08:0::80/tcp
restricted-tx01:0x000a-08-08:0::

And the ServerName is defined as 192.168.15.79

I even set the webservd in /etc/user_attr to def_label=PUB to no avail.

Here's the error I keep getting...

(13)Permission denied: make_sock: could not bind to address [::]:80
no listening sockets available, shutting down
Unable to open logs

Any thoughts, folks?

Thanks
Bob
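
Added example (not part of the original post, and not Sun's code): a small parser for the tnzonecfg lines quoted above that reports which zone lists a given port as a multilevel port, and whether it sits in the zone's private or shared MLP field. It assumes the five colon-separated fields described in tnzonecfg(4) (zone, label, network policy, zone MLP list, shared MLP list); the function and class names are made up for illustration.

```python
from typing import NamedTuple

class MLP(NamedTuple):
    low: int
    high: int
    proto: str

class ZoneEntry(NamedTuple):
    zone: str
    label: str
    policy: str
    private: list   # MLPs on addresses that belong to this zone
    shared: list    # MLPs on shared (all-zones) addresses

def parse_mlps(field):
    """Parse 'port[-port]/proto;...' into MLP tuples; an empty field gives []."""
    mlps = []
    for item in filter(None, (s.strip() for s in field.split(";"))):
        ports, proto = item.split("/")
        low, _, high = ports.partition("-")
        mlps.append(MLP(int(low), int(high or low), proto.lower()))
    return mlps

def parse_tnzonecfg(text):
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 5:   # a mail-wrapped or truncated line fails here
            raise ValueError(f"expected 5 fields, got {len(fields)}: {line!r}")
        zone, label, policy, private, shared = fields
        entries[zone] = ZoneEntry(zone, label, policy,
                                  parse_mlps(private), parse_mlps(shared))
    return entries

def where_is_port(entries, port, proto="tcp"):
    """Return (zone, 'private'|'shared') for every MLP range covering port."""
    return [(e.zone, kind)
            for e in entries.values()
            for kind, mlps in (("private", e.private), ("shared", e.shared))
            if any(m.low <= port <= m.high and m.proto == proto for m in mlps)]

# The three lines from the post, with the wrapped global line rejoined.
SAMPLE = """\
global:ADMIN_LOW:1:111/tcp;111/udp;515/tcp;631/tcp;2049/tcp;6000-6003/tcp:6000-6003/tcp
pub-tx01:0x0002-08-08:0::80/tcp
restricted-tx01:0x000a-08-08:0::
"""

if __name__ == "__main__":
    print(where_is_port(parse_tnzonecfg(SAMPLE), 80))
```

For the configuration as posted, 80/tcp appears only in the shared MLP field of pub-tx01; the global entry does not list it in either field.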