Dear all,

I solved my problem by simply unprivileging all ports on the system:

    # echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
    # sysctl --system

Now anybody can bind to any port. I wish we were on Plan 9 where filesystem permissions apply to the network too, but we have to use a half-a-century old API instead. I hate port numbers with a passion.

Anyway. That works, I'm happy. I hope it can be useful to somebody else.

Cheers,

Edouard.

e...@beaver-labs.com writes:

> Dear fellow Guixers,
>
> I'm trying to run nginx with `guix system container --network toto.scm`,
> and I get the following error:
>
> nginx: [emerg] bind() to 0.0.0.0:80 failed (13: Permission denied)
>
> despite the container script being launched with sudo.
>
> I got a root shell inside the container, checked that the corresponding
> process also belongs to root from outside the container, and still don't
> have the right to bind to port 80, with any software (this is not an
> nginx error).
>
> netcat lets me launch `nc -l 80` but I can't reach it, I don't think it
> is actually binding.
>
> Is this a known problem or limitation of guix containers?
>
> What do you suggest to try to troubleshoot this issue?
>
> Cheers,
>
> Edouard.
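
A defender-side check for the setting in the message above, as an added example that is not part of the original post: it reads one sysctl.d-style directory in lexical order, reports the effective `net.ipv4.ip_unprivileged_port_start`, and shows which ports still need privilege. The function names and sample files are constructed for illustration, and scanning a single directory is a simplifying assumption (`sysctl --system` consults several).

```shell
#!/bin/sh
# Added example: audit a sysctl.d-style directory for overrides of the
# first unprivileged port. Names and sample data are hypothetical.
KEY='net.ipv4.ip_unprivileged_port_start'

# Print the value the key ends up with after reading DIR/*.conf in lexical
# order (a later assignment wins). Falls back to the kernel default, 1024.
effective_port_start() {
    value=1024
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # Accept "key = value", the slash spelling of the key and a leading "-".
        v=$(sed -n -E 's|^[[:space:]]*-?net[./]ipv4[./]ip_unprivileged_port_start[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]*$|\1|p' "$f" | tail -n 1)
        if [ -n "$v" ]; then value=$v; fi
    done
    echo "$value"
}

# Exit 0 if binding PORT ($1) needs root or CAP_NET_BIND_SERVICE when the
# first unprivileged port is START ($2): ports below START are privileged.
needs_privilege() {
    [ "$1" -lt "$2" ]
}

# Constructed sample input: a baseline file plus the drop-in from the message.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed baseline' "$KEY = 1024" > "$d/10-baseline.conf"
    printf '%s\n' "$KEY=0" > "$d/50-unprivileged-ports.conf"
    echo "$d"
}

# Print the effective setting for DIR and the status of each listed port.
report() {
    start=$(effective_port_start "$1"); shift
    echo "effective $KEY = $start"
    for p in "$@"; do
        if needs_privilege "$p" "$start"; then
            echo "port $p: needs root or CAP_NET_BIND_SERVICE"
        else
            echo "port $p: any local user can bind"
        fi
    done
}

sample=$(make_sample_dir)
report "$sample" 22 80 443 8080
rm -rf "$sample"
```

Pointing `report` at the real `/etc/sysctl.d` shows whether a drop-in like the one above is in effect and which service ports any local user could then claim.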