DNS name resolution failing - EPERM error

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 5 23:24:43 UTC 2004


Greg Larkin wrote:

>Hi there,
>
>I am trying to fix a problem on a Gentoo box that I am administering.
>"uname -a" reports the following:
>
>Linux host.name.com 2.4.19-gentoo-r10 #1 SMP Mon Jan 6 11:20:35 EST
>2003 i686 Intel(R) Xeon(TM) CPU 2.40GHz GenuineIntel GNU/Linux
>
>I just discovered that I cannot ping any hosts from this machine due
>to name resolution failures, except the ones defined in /etc/hosts.  I
>am running commands as root, but they still can't seem to open the raw
>socket to the DNS servers to send name resolution requests.
>
>For instance:
>
># ping rsync.gentoo.org
>ping: unknown host rsync.gentoo.org
>
>I ran the same command with strace and saw these messages in the
>output file:
>
>...
>...
>socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = -1 EPERM (Operation not
>permitted)
>
Well, "ping" uses raw sockets because it uses ICMP, and raw sockets 
require privileged and/or superuser authority. That's why the "ping" 
executable is set-uid root on some (Solaris at least) platforms. Is it 
not set-uid root on Gentoo?

Resolver calls, however, do *not* need access to raw sockets. Plain old 
UDP or TCP sockets work just fine. If resolver calls required raw 
sockets, then every program that looked up DNS names would need to be 
privileged...

>...
>...
>send(3, "5\4\1\0\0\1\0\0\0\0\0\0\5rsync\6gentoo\3org\0\0\1\0\1", 34,
>0) = -1 EPERM (Operation not permitted)
>...
>
Now, this is more interesting, and seemingly unrelated to the EPERM 
result above. Trouble is, I can't find EPERM as a valid return for the 
send() call on any man page I looked at. Does it mean something special 
on Gentoo? What does your man page for send() say?

- Kevin
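To make the distinction above concrete, here is an added example (not part of the thread) that decodes the 34-byte payload from the strace `send()` line as a DNS query, rebuilds it, and shows that it travels over an ordinary unprivileged UDP socket; the nameserver address is a placeholder assumption.

```python
import socket
import struct

# The 34-byte payload from the strace line in the post, transcribed from
# its C-style escapes ("5\4\1\0..." -> 0x35 0x04 0x01 0x00 ...).
QUERY = (b"5\x04\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x05rsync\x06gentoo\x03org\x00\x00\x01\x00\x01")

def decode_name(buf, offset):
    """Read a sequence of length-prefixed labels ending in a zero byte."""
    labels = []
    while True:
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset

def parse_query(buf):
    """Decode the 12-byte DNS header and the first question section."""
    qid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!6H", buf[:12])
    name, off = decode_name(buf, 12)
    qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
    return {"id": qid, "flags": flags, "qdcount": qdcount, "name": name,
            "qtype": qtype, "qclass": qclass, "length": off + 4}

def build_query(name, qid):
    """Build the same wire-format A/IN query (flags 0x0100 = recursion desired)."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def send_query(payload, server="192.0.2.53", timeout=2.0):
    """Resolver traffic uses SOCK_DGRAM: no privilege, unlike ping's SOCK_RAW.
    The server address is a placeholder; this is not called by the tests."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, 53))
        return sock.recv(512)

if __name__ == "__main__":
    print(parse_query(QUERY))  # id 0x3504, name rsync.gentoo.org, type A, class IN
```

On Linux, a packet dropped by a netfilter rule on the OUTPUT path is reported to the sending process as EPERM, so an `EPERM` from an unprivileged UDP `send()` points at the host packet filter rather than at socket permissions.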