5

I get an error from the net-snmp library doing an SNMP get that says:

> Operation not permitted error from sendto.

I am wondering what could make the sendto(2) system call fail with this error.

Note, this is an intermittent error so I didn't think it was caused by a firewall issue, unless a firewall could cause this intermittently.

sarnold
Ivan Novick
  • Both SELinux and SMACK provide security hooks into the `socket_sendmsg` kernel security call. Are you running with SELinux or SMACK policy that might forbid this call? – sarnold Jun 05 '11 at 04:38
  • Would SELinux cause intermittent failures or would it always fail? I am getting intermittent failures. – Ivan Novick Jun 05 '11 at 14:29
  • It might _look_ intermittent, if your policy allows sending to sockets of [some types but not others](http://lwn.net/Articles/184261/). At least, it would leave AVC messages in your `/var/log/audit/audit.log` or `/var/log/messages` or `dmesg(1)` output... – sarnold Jun 05 '11 at 22:34

2 Answers

2

Happened to me today; in my case the problem was due to the conntrack table being full.

An additional symptom is lots of "nf_conntrack: table full, dropping packet" in syslog. If this is the case, the solution is to set `net.ipv4.netfilter.ip_conntrack_max` (aka `net.netfilter.nf_conntrack_max`) to a higher value, for example:

```
# sysctl net.ipv4.netfilter.ip_conntrack_max
net.ipv4.netfilter.ip_conntrack_max = 65536
# sysctl net.ipv4.netfilter.ip_conntrack_max=1548576
net.ipv4.netfilter.ip_conntrack_max = 1548576
```

As said by others, there could be other possible reasons for this, like SELinux or AppArmor policies. YMMV.

drdaeman
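
The check described in the answer above, written as a script. This is an added example, not part of the original answer: it counts the "table full" messages in a log and compares the live conntrack entry count with the limit. The function names, the `--live` switch, the 90% threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does a full conntrack table explain EPERM from sendto(2)?
PROC=/proc/sys/net/netfilter   # procfs directory holding the conntrack counters

# Percent of the conntrack table in use, given current count and max.
conntrack_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || return 2
    echo $(( $1 * 100 / $2 ))
}

# Number of "table full" drop messages in a log file (prints 0 if none).
table_full_hits() {
    grep -c 'nf_conntrack: table full, dropping packet' "$1" || true
}

# Verdict from log file, entry count and max: full | near-limit | ok
conntrack_verdict() {
    hits=$(table_full_hits "$1")
    pct=$(conntrack_pct "$2" "$3") || return 2
    if [ "$hits" -gt 0 ]; then echo full
    elif [ "$pct" -ge 90 ]; then echo near-limit   # 90% is an assumed threshold
    else echo ok
    fi
}

# Constructed sample syslog lines, so the script can be tried offline.
sample_log() {
cat <<'EOF'
Jun  5 04:30:01 host kernel: nf_conntrack: table full, dropping packet
Jun  5 04:30:02 host snmpd[812]: Connection from UDP: [192.0.2.10]:40112
Jun  5 04:30:07 host kernel: nf_conntrack: table full, dropping packet
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_log > "$tmp"
    conntrack_verdict "$tmp" 65536 65536
    rm -f "$tmp"
}

# "--live [LOGFILE]" reads the real counters; otherwise run the offline demo.
if [ "${1:-}" = --live ]; then
    conntrack_verdict "${2:-/var/log/syslog}" \
        "$(cat "$PROC/nf_conntrack_count")" "$(cat "$PROC/nf_conntrack_max")"
else
    demo
fi
```

A `full` verdict matches the symptom in the answer; `near-limit` means the table is close enough to its maximum that bursts of traffic could produce the intermittent failures from the question.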
1

If the error code is EPERM, you are using a privileged port as a non-root user.

Use ports > 1024.

Nulik