Bob,

Your MLP declaration for pub-tx01 looks OK. A few things to try/check:

1. Does the svc program have net_bindmlp priv in its limit set?
2. In pub-tx01 zone, 'ifconfig -a' shows there is an all-zones interface 
it can use.
3. The socket() call didn't fail.
4. svc is binding to the right IP addr.
5. No other process is already bound to port 80.

Jarrett


Robert Bailey wrote:

> I'm looking at the potential for having a TX zone serving web pages, 
> thus hopefully restricting its badness potential.  I've set the 
> privileges within svc to specs produced by Sun (minus the shared 
> storage - TX doesn't like that).
> Anyways, the problem I am having is binding to port 80 within the 
> public facing local zone.
>
> My global is configured to share the interface (bold is the zone I'm 
> focussing on):
>
> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 
> 8232 index 1
>         inet 127.0.0.1 netmask ff000000
> lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> 
> mtu 8232 index 1
>         zone restricted-tx01
>         inet 127.0.0.1 netmask ff000000
> *lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> 
> mtu 8232 index 1*
> *        zone pub-tx01*
> *        inet 127.0.0.1 netmask ff000000 *
> *bge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 
> index 2*
> *        all-zones*
> *        inet 192.168.15.78 netmask ffffff00 broadcast 192.168.15.255*
> *        ether 0:14:4f:6e:ce:3a *
>
> My tnzonecfg is as follows - note that I'm still a bit confused if the 
> port 80 should be in the global definition for shared ports:
>
> global:ADMIN_LOW:1:111/tcp;111/udp;515/tcp;631/tcp;2049/tcp;6000-6003/tcp:6000-6003/tcp
> *pub-tx01:0x0002-08-08:0::80/tcp*
> restricted-tx01:0x000a-08-08:0::
>
> And the ServerName is defined as *192.168.15.79*
>
> I even set the webservd in /etc/user_attr to def_label=PUB to no avail.
>
> Here's the error I keep getting...
>
> (13)Permission denied: make_sock: could not bind to address [::]:80
> no listening sockets available, shutting down
> Unable to open logs
>
>
> Any thoughts folks?
>
> Thanks
> Bob
>
>------------------------------------------------------------------------
>
>_______________________________________________
>security-discuss mailing list
>security-discuss at opensolaris.org
>  
>
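
An added example, not part of either message: a small shell/awk check that reports whether a port is declared as a private (zone-specific address) or shared (all-zones address) MLP for a zone in tnzonecfg text. It assumes the field layout zone:label:policy:private-MLPs:shared-MLPs and labels without embedded colons; the function name `mlp_scope` is hypothetical and the sample entries are the ones quoted in the thread.

```shell
#!/bin/sh
# Sample tnzonecfg entries, copied from the message above.
TNZONECFG='global:ADMIN_LOW:1:111/tcp;111/udp;515/tcp;631/tcp;2049/tcp;6000-6003/tcp:6000-6003/tcp
pub-tx01:0x0002-08-08:0::80/tcp
restricted-tx01:0x000a-08-08:0::'

# mlp_scope ZONE PORT PROTO   (tnzonecfg text on stdin)
# Prints: private | shared | both | none | no-entry
# Assumed layout: zone:label:policy:private-MLPs:shared-MLPs
mlp_scope() {
    awk -F: -v zone="$1" -v port="$2" -v proto="$3" '
    # Return 1 if port/proto matches an entry in a ";"-separated MLP list.
    # Entries look like "80/tcp" or "6000-6003/tcp".
    function covers(list,    n, i, e, spec, r) {
        n = split(list, e, ";")
        for (i = 1; i <= n; i++) {
            if (split(e[i], spec, "/") != 2 || spec[2] != proto) continue
            if (split(spec[1], r, "-") == 1) r[2] = r[1]
            if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        }
        return 0
    }
    /^#/ || NF < 5 { next }          # skip comments and short lines
    $1 == zone {
        found = 1
        p = covers($4)               # MLPs on zone-specific addresses
        s = covers($5)               # MLPs on shared (all-zones) addresses
        if (p && s)  scope = "both"
        else if (p)  scope = "private"
        else if (s)  scope = "shared"
        else         scope = "none"
        print scope
    }
    END { if (!found) print "no-entry" }
    '
}

# Port 80/tcp for pub-tx01, which uses the all-zones bge0 interface.
printf '%s\n' "$TNZONECFG" | mlp_scope pub-tx01 80 tcp
```

On a live system the same function can be fed the real file, for example `mlp_scope pub-tx01 80 tcp < /etc/security/tsol/tnzonecfg` (standard path assumed).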

