
Conference smurf::dec_mls_plus

Title: dec_mls_plus
Moderator: SMURF::BAT
Created: Mon Nov 29 1993
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 534
Total number of notes: 2544

445.0. "socket program gives EACCES" by RHETT::AMAN () Wed Feb 05 1997 15:09

    My customer has a socket program written and compiled on a Digital UNIX
    V3.2G system.  It runs fine between 2 Digital UNIX systems.  When he
    tries to run it between a Digital UNIX V3.2G and an MLS+ V3.1A system 
    it gives an EACCES error.  (He calls it an ENOACCESS error, but I don't
    see this in errno...)  
    
    The Digital UNIX host was added to the MLS system via dxhostmanager as 
    a single-level with all the privs.  The accreditation range is
    unclassified on both sides.  The MLS system is set up as tsix with the
    accreditation range unclassified/top secret.  The user running the
    program has all the privs.
    
    He says when he runs the program, it appears to connect, bind and even
    accept, but then hangs and eventually comes back with EACCES.  He is
    using the AF_INET type of socket and has read section 11.2.2 of the
    Programming Guide for MLS+.
    
    What else should I have him check?  Does the program need to be
    recompiled on the MLS+ system?  Any input is welcome.
    
    Thanks,
    janet
    
445.1. "try dropping the anti-privs" by SMURF::BAT (Segui la tua beatitudine) Wed Feb 05 1997 18:34, 20 lines

    > a single-level with all the privs ...
    
    Do not put the anti-privs in any host entry in TNETRHDB.
    
    > The user running the program has all the privs...
    
    Try running without the "anti-privs", allownetaccess,netprivsession.
    
    If you are root, run the program by removing the privs, e.g.,
    either:
    
       # privs -r allownetaccess,netprivsession
       # ./program (you are now in a subshell, ^D to exit)
    
    or:
    
       # privs -r allownetaccess,netprivsession -c '/fullpath/program'
    
    	(to execute a single instantiation)
    
445.2. "tnetd_ctl -Dn daemonname" by SMURF::BAT (Segui la tua beatitudine) Wed Feb 05 1997 18:58, 12 lines

    He should also be able to set debug mode on the MLS+ system to see what
    the dnsix and map daemons say (or any of the other daemons).
    
        /tcb/bin/tnetd_ctl -D2 dnsixd
        /tcb/bin/tnetd_ctl -D2 tnmapd
    
    and look in the log files (in /usr/tcb/files unless you
    said to put them elsewhere) and see if there is anything interesting 
    (and post it here if yes). 
       

445.2. "any tnetwork type errors?" by SMURF::BAT (Segui la tua beatitudine) Thu Feb 06 1997 19:51, 13 lines

    He should also be able to set debug mode on the MLS+ system to see what
    the tn daemons say (or any of the other daemons).
    
        /tcb/bin/tnetd_ctl -D2 tnrhd
        /tcb/bin/tnetd_ctl -D2 tnmapd
    
    and look in the log files (in /usr/tcb/files unless you
    said to put them elsewhere) and see if there is anything interesting 
    (and post it here if yes). 
       

    
445.3. "no progress" by SMURF::BAT (Segui la tua beatitudine) Thu Feb 06 1997 19:58, 25 lines

    Just to keep an update on this:
    
    The program in question, "gwserv", was written by Netscape for BT, and
    Pedro does not have the sources.
    
    It was built with sharable libraries on OSF V3.2G, but Pedro copied the
    libraries over to MLS+ V3.1A.  It supposedly opens a socket > 1024 to
    talk to port 4101 on a DU V3.2G system, which is handled by a program
    Pedro wrote called "wsh".  wsh gets the inquiry, returns a response and
    then hears nothing.  When run on DU, gwserv normally acks the response
    and then opens port 80 and starts taking requests.
    
    Pedro says that when he runs gwserv with the debug flag it is telling
    him that it is getting EACCES on a recvmsg.
    
    He has the defaults for TNETRHDB, TNETIDB.  He ran as root.
    He has the patch kit #9.
    
    I sent him also the tnsmm_socket.o that Andy did for Oracle's recvmsg
    problem as a shot in the dark.  Am waiting to hear back.
    
    P.S.  RE: .1 -- the program would need netprivaddr, and might as
    well do allownetaccess, because it wants port 80.
    RE: .2 -- Nothing gets written to tnmapd when talking with single-level
    hosts.

445.4. "Janet, might as well close it?" by SMURF::BAT (Segui la tua beatitudine) Thu Feb 06 1997 20:21, 5 lines

    I spoke with Pedro to find out.  The tnsmm_socket.o didn't make a
    difference (didn't really expect it to).
    
    He says they are giving up on this for the moment and reloading 
    regular DU 4.0.
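
Since reply .3 notes that the gwserv sources are not available, a small stand-alone probe can repeat the connect / send / recvmsg sequence against the listener and show which call returns EACCES independently of gwserv. This is an added example, not code from the thread or from Digital; the function names and the `PROBE\n` request are hypothetical, the peer is assumed to answer with at least one byte, and it is written against the current POSIX sockets API.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Symbolic names for the errno values most relevant here; others use strerror(). */
const char *errno_name(int e) {
    switch (e) {
    case EACCES:       return "EACCES";
    case ECONNREFUSED: return "ECONNREFUSED";
    default:           return strerror(e);
    }
}

/* Send one request on a connected socket and read the reply with recvmsg().
 * Returns the byte count, or -errno with *step naming the call that failed. */
long probe_exchange(int fd, const char *req, char *buf, size_t len, const char **step) {
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    *step = "send";
    if (send(fd, req, strlen(req), 0) < 0) return -errno;
    *step = "recvmsg";              /* the call reported as failing in reply .3 */
    ssize_t n = recvmsg(fd, &msg, 0);
    if (n < 0) return -errno;
    *step = "ok";
    return (long)n;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s ipv4-addr port\n", argv[0]); return 2; }
    struct sockaddr_in sa = { .sin_family = AF_INET,
                              .sin_port = htons((unsigned short)atoi(argv[2])) };
    if (inet_pton(AF_INET, argv[1], &sa.sin_addr) != 1) return 2;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        fprintf(stderr, "socket/connect failed: %s\n", errno_name(errno)); return 1;
    }
    char buf[512]; const char *step;
    long r = probe_exchange(fd, "PROBE\n", buf, sizeof buf, &step); /* constructed request */
    if (r < 0) fprintf(stderr, "%s failed: %s\n", step, errno_name((int)-r));
    else printf("recvmsg returned %ld bytes\n", r);
    close(fd);
    return r < 0;
}
```

Running it with and without the privileges discussed in reply .1 shows whether the failing step moves.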