Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NS initialisation failure (Permission denied) #2007

Closed
skydevil56 opened this issue Mar 31, 2018 · 7 comments
Closed

NS initialisation failure (Permission denied) #2007

skydevil56 opened this issue Mar 31, 2018 · 7 comments
Assignees
@pguibert6WIND
Labels
cleanup zebra

Comments

@skydevil56
Copy link

Hi!
I'm trying to get FRR to work on Debian 7 x64 (3.2.0-4-amd64 #1 SMP Debian 3.2.81-2 x86_64 GNU/Linux).
I really need it.
When i'm try to start the zebra, i'm getting error:

root@hub1:~# /usr/lib/frr/zebra
2018/03/31 18:25:35 errors: ZEBRA: NS initialisation failure (Permission denied)
2018/03/31 18:25:35 warnings: ZEBRA: Disabling MPLS support (no kernel support)

I do not need namespaces (vrf) support in FRR in my use cases. Can i disable namespace support to prevent that error?
@donaldsharp
Copy link
Member

As far as I can tell this is just a poorly written error message and needs to be rethought a bit. Is FRR working otherwise?

@skydevil56
Copy link
Author

FRR is working,
I tested the FRR for a short time (only BGP). I have not yet discovered any problems.
I found that in the Debian 7 operating system, the file /proc/self/ns/net has only read permissions for the root user:

root@hub1:~# ls -l /proc/self/ns/net
-r-------- 1 root root 0 Apr  1 10:52 /proc/self/ns/net

The FRR runs as a frr user, and therefore the FRR does not have access to the /proc/self/ns/net.

@pguibert6WIND
Copy link
Member

Getting the file descriptor for default NS is necessary to switch back to default VRF.
Maybe playing with linux capabilities may help in solving that ?

@skydevil56
Copy link
Author

What do you mean when you say "playing with linux capabilities"?

@pguibert6WIND
Copy link
Member

I need to do some testing before.
Basically, there are some privileges that the code can use to be able to read that file.
So, I will do that.
In the meantime, you can try to do the following

setcap 'cap_sys_admin' /usr/bin/zebra

I expect that this should permit zebra daemon to be able to read that file.

@pguibert6WIND
Copy link
Member

Hello @skydevil56 , which frr release do you need for that ?
What you want is starting zebra without errors on your platform; also you dont want to use netns for now.

If that is the case, then you should retry on the last FRR release. the error message disappeared.
I think the initialisation will be ok.

  1. If there is still the error, I can, help to fix it.
  2. If you need an other FRR release, please tell me, we can eventually do backporting.
  3. If you need to make netns work on your setup, then I am willing to help you too.

but lets clarify the goals of this ticket which is 1) and 2).

@qlyoung qlyoung added the zebra label Apr 21, 2019
@qlyoung
Copy link
Member

qlyoung commented Apr 21, 2019

No activity.

@qlyoung qlyoung closed this as completed Apr 21, 2019
@javier-godoy javier-godoy mentioned this issue May 17, 2021
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pguibert6WIND pguibert6WIND

Labels
cleanup zebra
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@skydevil56 @qlyoung @donaldsharp @pguibert6WIND