I have been working on this for way too long and can't seem to figure it out. I am sure I have something wrong in my freetds.conf, odbc.ini or odbcinst.ini. I can connect to my mssql 2008 server using tsql, but still can't with isql or of course through php.
I am on CentOS 5.6.
Can anyone offer some assistance?
Thanks!
Shawn
This is in my sqltrace.log:
[ODBC][12249][1347850711.939084][__handles.c][459]
Exit:[SQL_SUCCESS]
Environment = 0x1b5fc6c0
[ODBC][12249][1347850711.939149][SQLAllocHandle.c][375]
Entry:
Handle Type = 2
Input Handle = 0x1b5fc6c0
[ODBC][12249][1347850711.939187][SQLAllocHandle.c][493]
Exit:[SQL_SUCCESS]
Output Handle = 0x1b5fcff0
[ODBC][12249][1347850711.939231][SQLConnect.c][3654]
Entry:
Connection = 0x1b5fcff0
Server Name = [MSSQL_DSN][length = 9 (SQL_NTS)]
User Name = [InetIndyArtsRemote][length = 18 (SQL_NTS)]
Authentication = [**********][length = 10 (SQL_NTS)]
UNICODE Using encoding ASCII 'ISO8859-1' and UNICODE 'UCS-2LE'
DIAG [01000] [FreeTDS][SQL Server]Unexpected EOF from the server
DIAG [01000] [FreeTDS][SQL Server]Adaptive Server connection failed
DIAG [S1000] [FreeTDS][SQL Server]Unable to connect to data source
[ODBC][12249][1347850711.949640][SQLConnect.c][4021]
Exit:[SQL_ERROR]
[ODBC][12249][1347850711.949694][SQLFreeHandle.c][286]
Entry:
Handle Type = 2
Input Handle = 0x1b5fcff0
[ODBC][12249][1347850711.949735][SQLFreeHandle.c][337]
Exit:[SQL_SUCCESS]
[ODBC][12249][1347850711.949773][SQLFreeHandle.c][219]
Entry:
Handle Type = 1
Input Handle = 0x1b5fc6c0
freetds.conf:
# $Id: freetds.conf,v 1.12 2007/12/25 06:02:36 jklowden Exp $
#
# This file is installed by FreeTDS if no file by the same
# name is found in the installation directory.
#
# For information about the layout of this file and its settings,
# see the freetds.conf manpage "man freetds.conf".
# Global settings are overridden by those in a database
# server specific section
[global]
# TDS protocol version
tds version = 8.0
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
dump file = /tmp/freetds.log
debug flags = 0xffff
dump file append = yes
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field.
# Try setting 'text size' to a more reasonable limit
text size = 64512
[IndyArtsDB]
host = xxx.xx.xxx.xx
port = 1433
tds version = 8.0
client charset = UTF-8
ODBC.INI
[MSSQL_DSN]
Driver=FreeTDS
Description=IndyArts DB on Rackspace
Trace=No
Server=xxx.xx.xxx.xx
Port=1433
Database=DBName
ODBCINST.INI
[ODBC]
DEBUG=1
TraceFile=/home/ftp/sqltrace.log
Trace=Yes
[FreeTDS]
Description=MSSQL Driver
Driver=/usr/local/lib/libtdsodbc.so
UsageCount=1
Looking at your sqltrace.log it looks to me like an authentication error - you get that "Unexpected EOF from the server" message immediately after authenticating...
Is there any chance the remote server is blocking connections from your CentOS server, either completely or on port 1433? Any chance the "client charset = UTF-8" in your freetds.conf is causing the problem?
This is my (working) setup on an Ubuntu 12.04 (Precise Pangolin) machine.
Here is my /etc/odbc.ini file:
[xyz]
Description = XYZ Server
Driver = freetds
Database = MyDB
ServerName = xyz
TDS_Version = 8.0
And my /etc/odbcinst.ini file:
[freetds]
Description = MS SQL database access with Free TDS
Driver = /usr/lib/i386-linux-gnu/odbc/libtdsodbc.so
Setup = /usr/lib/i386-linux-gnu/odbc/libtdsS.so
UsageCount = 1
And finally my /etc/freetds/freetds.conf file:
[global]
# TDS protocol version
; tds version = 4.2
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
; dump file = /tmp/freetds.log
; debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field.
# Try setting 'text size' to a more reasonable limit
text size = 64512
# A typical Sybase server
[egServer50]
host = symachine.domain.com
port = 5000
tds version = 5.0
# A typical Microsoft server
[egServer70]
host = ntmachine.domain.com
port = 1433
tds version = 7.0
# The XYZ database
[xyz]
host = XYZ
port = 1433
tds version = 8.0
Looks like the version numbers in FreeTDS have been changed from 8.0 to 7.1 and 9.0 to 7.2.
See http://www.freetds.org/userguide/choosingtdsprotocol.htm
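Both the renaming mentioned in the last answer and the warning in the freetds.conf comments about dump files in /tmp can be checked mechanically. The script below is an added example, not code from the thread or from the FreeTDS project; the sample file and its host names are constructed, and only the two version aliases named above are mapped.

```python
import configparser

# Renamed protocol versions, per the answer above (8.0 -> 7.1, 9.0 -> 7.2).
LEGACY_TDS_ALIASES = {"8.0": "7.1", "9.0": "7.2"}
SHARED_TMP_DIRS = ("/tmp/", "/var/tmp/")

# Constructed sample modelled on the freetds.conf in the question; hosts are placeholders.
SAMPLE_CONF = """\
[global]
tds version = 8.0
dump file = /tmp/freetds.log
debug flags = 0xffff
dump file append = yes
; connect timeout = 10
text size = 64512

[IndyArtsDB]
host = db.example.invalid
port = 1433
tds version = 8.0
client charset = UTF-8

[reporting]
host = db2.example.invalid
port = 1433
tds version = 7.2
"""


def parse_freetds(text):
    """Parse freetds.conf text into {section: {option: value}} (option names lower-cased)."""
    parser = configparser.ConfigParser(
        comment_prefixes=("#", ";"), interpolation=None,
        strict=False, allow_no_value=True)
    # Real files indent options with tabs; strip so nothing is read as a continuation line.
    parser.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {name: dict(parser[name]) for name in parser.sections()}


def audit_freetds(text):
    """Return sorted (section, option, finding) tuples for one freetds.conf body."""
    sections = parse_freetds(text)
    global_opts = sections.get("global", {})
    findings = []
    for name, opts in sections.items():
        version = opts.get("tds version")
        if version in LEGACY_TDS_ALIASES:
            findings.append((name, "tds version",
                             f"legacy alias {version}, now named {LEGACY_TDS_ALIASES[version]}"))
        # Server sections inherit [global]; report the dump file where it is set.
        dump = opts.get("dump file")
        if dump and dump.startswith(SHARED_TMP_DIRS):
            flags = opts.get("debug flags", global_opts.get("debug flags", "default"))
            findings.append((name, "dump file",
                             f"{dump} is in a shared temp directory (debug flags {flags})"))
    return sorted(findings)


def modernised(text):
    """Rewrite legacy 'tds version' values, leaving every other line untouched."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "tds version" and value.strip() in LEGACY_TDS_ALIASES:
            line = f"{key}{sep} {LEGACY_TDS_ALIASES[value.strip()]}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for finding in audit_freetds(SAMPLE_CONF):
        print(*finding, sep=": ")
```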
Related
My friend has a CentOS v7.3 server running on VMware. It's an old server, so he can't upgrade CentOS (hardware). His programmer is still off work and he's asked me to set up his Samba to allow access to the CentOS server from a Windows 7 workstation in a domain.
He also would like to be able to connect to a Windows Workstation from the CentOS server as well.
What I know about Samba is dangerous. He admitted that they never got it to work! I need the money, so it would be nice if I can get it working.
I copied the Samba script and changed the name of the domain etc. Can anyone help, please?
[global]
log file = /var/log/samba/log.%m
load printers = no
domain master = no
hosts allow = 127. 192.168.0.0/24
encrypt passwords = yes
realm = xxxxxxxx.com
passdb backend = tdbsam
netbios name = RHServer1
cups options = raw
server string = Samba Server Version %v
password server = ADServer.xxxxxxxx.com
default = netlogon
os level = 20
printcap name = /dev/null
preferred master = no
max log size = 5
domain logons = yes
; security = user
# log files split per-machine:
# enable the following line to debug:
# log level =3
# maximum size of 50KB per log file, then rotate:
; id map config * : backend -tdb
# Not interested in printers
[homes]
comment = Home Directories
browseable = yes
writable = yes
# valid users = %S
valid users = DOMAIN\%S
[Web]
comment = Web Servers
browseable = yes
writable = yes
path = /var/www/
guest ok = no
# valid users = %S
valid users = DOMAIN\%S
# Un-comment the following and create the netlogon directory for Domain Logons:
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = no
writable = no
# Un-comment the following to provide a specific roaming profile share.
# The default is to use the user's home directory:
[Profiles]
path = /var/lib/samba/profiles
browseable = no
guest ok = yes
I am having trouble when trying to upgrade my Portable Msys2 under Win 10 with pacman -Syuu, as detailed below.
I did this before with no problem.
What could the problem and solution be?
$ pacman -Syuu
:: Synchronizing package databases...
mingw32 is up to date
mingw64 is up to date
msys is up to date
:: Starting core system upgrade...
there is nothing to do
:: Starting full system upgrade...
warning: grep: downgrading from version 3.1-1 to version 3.0-2
warning: libgc: downgrading from version 8.0.0-1 to version 7.6.8-1
warning: mingw-w64-x86_64-binutils: downgrading from version 2.31.1-2 to version 2.30-5
:: Replace mingw-w64-x86_64-minizip with mingw64/mingw-w64-x86_64-zlib? [Y/n] y
:: Replace mingw-w64-x86_64-vulkan with mingw64/mingw-w64-x86_64-vulkan-loader? [Y/n] y
resolving dependencies...
looking for conflicting packages...
Packages (217) autogen-5.18.16-1 bison-3.3.2-1 brotli-1.0.7-1 ca-certificates-20180409-1 cmake-3.13.2-1 curl-7.64.0-2 diffutils-3.7-1 doxygen-1.8.15-1
...
Total Download Size: 1400.65 MiB
Total Installed Size: 9648.15 MiB
Net Upgrade Size: 261.06 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from repo.msys2.org : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from sourceforge.net : SSL certificate problem: unable to get local issuer certificate
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from www2.futureware.at : Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
error: failed retrieving file 'mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz' from mirror.yandex.ru : SSL certificate problem: unable to get local issuer certificate
warning: failed to retrieve some files
error: failed to commit transaction (download library error)
Errors occurred, no packages were upgraded.
As per this, my repo configuration seems to be ok:
$ pacman-conf.exe
[options]
RootDir = /
DBPath = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
HookDir = /etc/pacman.d/hooks/
GPGDir = /etc/pacman.d/gnupg/
LogFile = /var/log/pacman.log
HoldPkg = pacman
Architecture = i686
CheckSpace
UseDelta = 0.000000
CleanMethod = KeepInstalled
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
LocalFileSigLevel = PackageOptional
LocalFileSigLevel = PackageTrustedOnly
[mingw32]
Usage = All
Server = http://repo.msys2.org/mingw/i686/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MINGW/i686/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/mingw/i686/
Server = https://mirror.yandex.ru/mirrors/msys2/mingw/i686/
[mingw64]
Usage = All
Server = http://repo.msys2.org/mingw/x86_64/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MINGW/x86_64/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/mingw/x86_64/
Server = https://mirror.yandex.ru/mirrors/msys2/mingw/x86_64/
[msys]
Usage = All
Server = http://repo.msys2.org/msys/i686/
Server = https://sourceforge.net/projects/msys2/files/REPOS/MSYS2/i686/
Server = http://www2.futureware.at/~nickoe/msys2-mirror/msys/i686/
Server = https://mirror.yandex.ru/mirrors/msys2/msys/i686/
Related:
https://github.com/msys2/MINGW-packages/issues/1887
https://bbs.archlinux.org/viewtopic.php?id=199693
https://sourceforge.net/p/msys2/discussion/general/thread/8427aab0/
EDIT
It was suggested in a comment that I execute pacman-mirrors ...
There seems to be no such executable in my system (either script, alias, etc.)
On the other hand, it seems I already have pacman-mirrors, and that it does not provide any executable (at least in msys2). Is this correct?
$ updatedb
$ locate pacman-mirrors
/var/cache/pacman/pkg/pacman-mirrors-20180604-2-any.pkg.tar.xz
/var/lib/pacman/local/pacman-mirrors-20180604-2
/var/lib/pacman/local/pacman-mirrors-20180604-2/desc
/var/lib/pacman/local/pacman-mirrors-20180604-2/files
/var/lib/pacman/local/pacman-mirrors-20180604-2/mtree
$ pacman -Ql pacman-mirrors
pacman-mirrors /etc/
pacman-mirrors /etc/pacman.d/
pacman-mirrors /etc/pacman.d/mirrorlist.mingw32
pacman-mirrors /etc/pacman.d/mirrorlist.mingw64
pacman-mirrors /etc/pacman.d/mirrorlist.msys
$ pacman --needed -S bash pacman pacman-mirrors msys2-runtime
warning: bash-4.4.023-1 is up to date -- skipping
warning: pacman-5.1.2-2 is up to date -- skipping
warning: pacman-mirrors-20180604-2 is up to date -- skipping
warning: msys2-runtime-2.11.2-1 is up to date -- skipping
You can disable the timeout of pacman with the parameter --disable-download-timeout. Then you should be able to download
http://repo.msys2.org/mingw/x86_64/mingw-w64-x86_64-qt5-5.12.1-5-any.pkg.tar.xz
It's described on the man-page for pacman.
Also, --gpgdir, to specify a directory of files used by GnuPG to verify package signatures, might be useful.
Additionally, you can consider using the parameter --noconfirm to bypass any and all “Are you sure?” messages.
About the certificates I'm not sure; perhaps the local paths are not configured correctly. Nevertheless, you have two domains that still serve over HTTP.
In the browser the download works, by the way. It has just finished; the screenshot is still showing the download in progress:
I've also faced this problem, but I got the solution: open Add or Remove Software, go to Preferences, then change your official repositories to Canada and refresh the mirror lists.
It may work now.
The following were the steps I used to solve the problem:
sudo nano /etc/pacman.d/mirrorlist (to open the mirror list on manjaro or any arch based distro)
In the mirror list, all the source servers will be active. Put a hash at the beginning of each line of a selected active server to prevent the server from being contacted during the download process. You don't need all of the servers to be active, so only allow countries close to you and place a hash in front of all other servers that aren't.
## Generated on 2022-08-16 12:13
##
## Please use 'pacman-mirrors -f [NUMBER] [NUMBER]' to modify mirrorlist
## (Use 0 for all mirrors)
##
## Country : Poland
# Server = https://mirror.tuchola-dc.pl/manjaro/stable/$repo/$arch
## Country : Hungary
# Server = http://mirror.infotronik.hu/mirrors/pub/manjaro/stable/$repo/$arch
## Country : Germany
Server = http://ftp.tu-chemnitz.de/pub/linux/manjaro/stable/$repo/$arch
## Country : Brazil
# Server = http://linorg.usp.br/manjaro/stable/$repo/$arch
## Country : Costa_Rica
# Server = https://mirrors.ucr.ac.cr/manjaro/stable/$repo/$arch
## Country : Australia
Server = http://mirror.ventraip.net.au/Manjaro/stable/$repo/$arch
## Country : Australia
Server = http://mirror.ventraip.net.au/Manjaro/stable/$repo/$arch
## Country : Germany
Server = http://ftp.rz.tu-bs.de/pub/mirror/manjaro.org/repos/stable/$repo/$arch
## Country : Germany
Server = https://repo.rhindon.net/manjaro/stable/$repo/$arch
## Country : Brazil
#Server = https://manjaro.c3sl.ufpr.br/stable/$repo/$arch
## Country : United_States
Server = https://mirror.math.princeton.edu/pub/manjaro/stable/$repo/$arch
## Country : Poland
#Server = http://mirror.chmuri.net/manjaro/stable/$repo/$arch
## Country : China
#Server = https://mirrors.sjtug.sjtu.edu.cn/manjarostable/$repo/$arch
## Country : China
#Server = https://mirrors.ustc.edu.cn/manjaro/stable/$repo/$arch
## Country : Germany
Server = https://mirror.netzspielplatz.de/manjaro/packages/stable/$repo/$arch
I am trying to connect to a MSSQL server from a RHEL 5.5 server with FreeTDS and unixODBC.
Using tsql I can connect to the server with
tsql -S mssqltest -U <username> -P <password>
It's getting connected successfully
isql -v mssqltest 'username' 'password' -b -q
Also connects without any problem
But in Perl I get an error message as follows:
DBI connect('mssqltest',<username>,...) failed: [unixODBC][Driver Manager]Can't open lib '/usr/local/lib/libtdsodbc.so' : file not found (SQL-01000) at test.pl line 14
Can't connect to DBI:ODBC:mssqltest: [unixODBC][Driver Manager]Can't open lib '/usr/local/lib/libtdsodbc.so' : file not found (SQL-01000) at test.pl line 14.
I tried using FreeTDS as the ODBC driver, and that also gives a similar error. I also tried using the server name instead of server_ip, but the error continues:
DBI connect('Driver=FreeTDS;Server=<server_ip>',<username>,...) failed: [unixODBC][Driver Manager]Can't open lib '/usr/local/lib/libtdsodbc.so' : file not found (SQL-01000) at test.pl line 14
Can't connect to DBI:ODBC:Driver=FreeTDS;Server=<server_ip>: [unixODBC][Driver Manager]Can't open lib '/usr/local/lib/libtdsodbc.so' : file not found (SQL-01000) at test.pl line 14.
My Perl code:
#!/usr/bin/perl -w
use strict;
use DBI;
# Replace datasource_name with the name of your data source.
# Replace database_username and database_password
# with the SQL Server database username and password.
my $data_source = q/DBI:ODBC:mssqltest/;
my $user = q/<username>/;
my $password = q/<password>/;
# Connect to the data source and get a handle for that connection.
my $dbh = DBI->connect($data_source, $user, $password)
or die "Can't connect to $data_source: $DBI::errstr";
# This query generates a result set with one record in it.
my $sql = "SELECT TOP 3 * FROM tablename";
# Prepare the statement.
my $sth = $dbh->prepare($sql)
or die "Can't prepare statement: $DBI::errstr";
# Execute the statement.
$sth->execute();
# Print the column name.
print "$sth->{NAME}->[0]\n";
# Fetch and display the result set value.
while ( my @row = $sth->fetchrow_array ) {
    print "@row\n";
}
# Disconnect the database from the database handle.
$dbh->disconnect;
My config files are:
FreeTDS/odbc.ini
;
; odbc.ini
;
[ODBC Data Sources]
JDBC = Sybase JDBC Server
[JDBC]
Driver = /usr/local/lib/libtdsodbc.so
Description = Sybase JDBC Server
Trace = No
Servername = JDBC
Database = pubs2
UID = guest
[Default]
Driver = /usr/local/lib/libtdsodbc.so
odbc.ini
[ODBC Data Sources]
TS = FreeTDS
[TS]
Driver = FreeTDS
Description = ODBC to SQLServer via FreeTDS
Trace = No
Servername = sql-server
Database = RKDB
[mssqltest]
Description = MS SQL connection to mssqltest database
Driver = FreeTDS
Database = RKDB
Server = <server_ip>
UserName = <username>
Password = <password>
Trace = Yes
Port = 1754
odbcinst.ini
[FreeTDS]
Description=TDS driver (Sybase/MS SQL)
Driver=/usr/local/lib/libtdsodbc.so
UsageCount=2
freetds-dev.0.99.761/freetds.conf
# $Id: freetds.conf,v 1.12 2007-12-25 06:02:36 jklowden Exp $
#
# This file is installed by FreeTDS if no file by the same
# name is found in the installation directory.
#
# For information about the layout of this file and its settings,
# see the freetds.conf manpage "man freetds.conf".
# Global settings are overridden by those in a database
# server specific section
[global]
# TDS protocol version
tds version = auto
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
; dump file = /tmp/freetds.log
; debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field.
# Try setting 'text size' to a more reasonable limit
text size = 64512
# A typical Sybase server
[egServer50]
host = symachine.domain.com
port = 5000
tds version = 5.0
# A typical Microsoft server
[egServer70]
host = ntmachine.domain.com
port = 1433
tds version = 7.0
[mssqltest]
host = <server_ip>
port = 1754
tds version = 8.0
/usr/local/etc/freetds.conf
# $Id: freetds.conf,v 1.12 2007-12-25 06:02:36 jklowden Exp $
#
# This file is installed by FreeTDS if no file by the same
# name is found in the installation directory.
#
# For information about the layout of this file and its settings,
# see the freetds.conf manpage "man freetds.conf".
# Global settings are overridden by those in a database
# server specific section
[global]
# TDS protocol version
tds version = auto
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
; dump file = /tmp/freetds.log
; debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field.
# Try setting 'text size' to a more reasonable limit
text size = 64512
# A typical Sybase server
[egServer50]
host = symachine.domain.com
port = 5000
tds version = 5.0
# A typical Microsoft server
[sql-server]
host = TH-SSRS-DB
InstanceName = RKSSRSDB
#port = 1754
tds version = 8.0
client charset = UTF-8
[mssqltest]
host = <server_ip>
port = 1754
tds version = 8.0
Please help.
I'm running an application which builds and sends ICMP ECHO requests to a few different ip addresses. The application is written in Crystal. When attempting to open a socket from within the crystal docker container, Crystal raises an exception: Permission Denied.
From within the container, I have no problem running ping 8.8.8.8.
Running the application on macos, I have no problem.
Reading the https://docs.docker.com/engine/security/apparmor/ and https://docs.docker.com/engine/security/seccomp/ pages on apparmor and seccomp I was sure I'd found the solution, but the problem remains unresolved, even when running as docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
update/edit: After digging into capabilities(7), I added the following line to my dockerfile: RUN setcap cap_net_raw+ep bin/ping trying to let the socket get opened but without change.
Thanks!
Relevant crystal socket code, full working code sample below:
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
Dockerfile:
FROM crystallang/crystal:0.23.1
WORKDIR /opt
COPY src/ping.cr src/
RUN mkdir bin
RUN crystal -v
RUN crystal build -o bin/ping src/ping.cr
ENTRYPOINT ["/bin/sh","-c"]
CMD ["/opt/bin/ping"]
Running the code, first native, then via docker:
#!/bin/bash
crystal run src/ping.cr
docker build -t socket_permission .
docker run --rm --security-opt seccomp=unconfined --security-opt apparmor=unconfined socket_permission
And finally, a 50 line crystal script which fails to open a socket in docker:
require "socket"
TYPE = 8_u16
IP_HEADER_SIZE_8 = 20
PACKET_LENGTH_8 = 16
PACKET_LENGTH_16 = 8
MESSAGE = " ICMP"
def ping
sequence = 0_u16
sender_id = 0_u16
host = "8.8.8.8"
# initialize packet with MESSAGE
packet = Array(UInt16).new PACKET_LENGTH_16 do |i|
MESSAGE[ i % MESSAGE.size ].ord.to_u16
end
# build out ICMP header
packet[0] = (TYPE.to_u16 << 8)
packet[1] = 0_u16
packet[2] = sender_id
packet[3] = sequence
# calculate checksum
checksum = 0_u32
packet.each do |byte|
checksum += byte
end
checksum += checksum >> 16
checksum = checksum ^ 0xffff_ffff_u32
packet[1] = checksum.to_u16
# convert packet to 8 bit words
slice = Bytes.new(PACKET_LENGTH_8)
eight_bit_packet = packet.map do |word|
[(word >> 8), (word & 0xff)]
end.flatten.map(&.to_u8)
eight_bit_packet.each_with_index do |chr, i|
slice[i] = chr
end
# send request
address = Socket::IPAddress.new host, 0
socket = IPSocket.new Socket::Family::INET, Socket::Type::DGRAM, Socket::Protocol::ICMP
socket.send slice, to: address
# receive response
buffer = Bytes.new(PACKET_LENGTH_8 + IP_HEADER_SIZE_8)
count, address = socket.receive buffer
length = buffer.size
icmp_data = buffer[IP_HEADER_SIZE_8, length-IP_HEADER_SIZE_8]
end
ping
It turns out the answer is that Linux (and by extension docker) does not give the same permissions that macOS does for DGRAM sockets. Changing the socket declaration to socket = IPSocket.new Socket::Family::INET, Socket::Type::RAW, Socket::Protocol::ICMP allows the socket to connect under docker.
A little more still is required to run the program in a non-root context. Because raw sockets are restricted to root, the binary must also be issued the correct capability for access to a raw socket, CAP_NET_RAW. However, in docker, this isn't necessary. I was able to get the program to run outside of super-user context by running sudo setcap cap_net_raw+ep bin/ping. This is a decent primer on capabilities and the setpcap command
MacOS doesn't use the same system of permissions, so setcap is just an unrecognized command. As a result, to get the above code to compile and run successfully on macOS without super-user context, I changed the socket creation code to:
socket_type = Socket::Type::RAW
{% if flag?(:darwin) %}
socket_type = Socket::Type::DGRAM
{% end %}
socket = IPSocket.new Socket::Family::INET, socket_type, Socket::Protocol::ICMP
Applying the CAP_NET_RAW capability for use in linux happens elsewhere in the build process if needed.
With those changes, I'm not seeing any requirement for changes to seccomp or apparmor from the default shipped with Docker in order to run the program.
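Added example, not part of the original answer: a small Linux diagnostic that tries both ICMP socket types discussed above and reports why either one is refused. The errno meanings and the net.ipv4.ping_group_range sysctl come from the icmp(7), raw(7) and capabilities(7) man pages rather than from the post, and the CapEff strings are constructed samples.

```python
import errno
import os
import socket

CAP_NET_RAW = 13  # bit number, from capabilities(7)

# Constructed /proc/<pid>/status excerpts: bit 13 set in the first, clear in the second.
STATUS_WITH_NET_RAW = "Name:\tping\nCapEff:\t00000000a80425fb\n"
STATUS_WITHOUT_NET_RAW = "Name:\tping\nCapEff:\t00000000a80405fb\n"


def has_cap_net_raw(status_text):
    """True if the CapEff line of a /proc/<pid>/status body includes CAP_NET_RAW."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_RAW) & 1)
    return False


def gid_may_ping(range_text, gids):
    """True if any gid lies inside net.ipv4.ping_group_range ('1 0' admits nobody)."""
    low, high = (int(field) for field in range_text.split())
    return any(low <= gid <= high for gid in gids)


def probe(sock_type):
    """Try to open an ICMP socket of the given type; return 'ok' or the errno name."""
    try:
        socket.socket(socket.AF_INET, sock_type, socket.IPPROTO_ICMP).close()
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))


def explain(dgram, raw):
    """Map the two probe results to the Linux permission check that refused them."""
    notes = []
    if dgram == "EACCES":
        notes.append("SOCK_DGRAM/ICMP refused: no gid of this process is inside "
                     "net.ipv4.ping_group_range (root's gid 0 is outside '1 0')")
    if raw == "EPERM":
        notes.append("SOCK_RAW/ICMP refused: effective capability set lacks CAP_NET_RAW")
    return notes


def diagnose():
    """Probe both socket types and collect the kernel state that governs them."""
    report = {"dgram": probe(socket.SOCK_DGRAM), "raw": probe(socket.SOCK_RAW),
              "cap_net_raw": None, "gid_may_ping": None}
    try:  # /proc is Linux-only; the two fields stay None elsewhere
        with open("/proc/self/status") as fh:
            report["cap_net_raw"] = has_cap_net_raw(fh.read())
        with open("/proc/sys/net/ipv4/ping_group_range") as fh:
            report["gid_may_ping"] = gid_may_ping(
                fh.read(), [os.getegid(), *os.getgroups()])
    except (OSError, ValueError):
        pass
    report["notes"] = explain(report["dgram"], report["raw"])
    return report


if __name__ == "__main__":
    for key, value in diagnose().items():
        print(f"{key}: {value}")
```

Run inside the container and again on the host: a result of dgram EACCES with raw ok matches the behaviour described in the answer.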
Running CentOS. xinetd.d/clhtest entry is as follows:
service clhtest
{
disable = no
port = 8020
socket_type = stream
protocol = tcp
wait = no
user = charrison
passenv = PATH
server = /home/charrison/bin/clhtest
}
In debugging this I need to write to a file. I set the server process up to open /home/charrison/log/foo.txt as one of the first steps (note user=charrison), but it doesn't - and I assume it tries to. When I launch the server program from command line it opens the file successfully.
I suspect the umask parameter may be needed, but I don't know what it defaults to.
Any hints?