KB Article #163654

Appliance Gateway or APIServer process can't listen on ports <1024

On an Appliance running Oracle Linux with version 6.3.1 or later, the APIServer, Node Manager or Gateway process (running as non-root) is unable to listen on ports <1024.


Error in the trace:


INFO 26/Oct/2012:09:04:51.892 [6422b6f0] checking invariants for interface *:80
ERROR 26/Oct/2012:09:04:51.892 [6422b6f0] failed to listen on address 0.0.0.0/80: Permission denied. can't bind socket to address
FATAL 26/Oct/2012:09:04:51.893 [6422b6f0] cannot listen on any address for interface *:80


This can happen when vshell loses the CAP_NET_BIND_SERVICE capability that it had when issued. It may be the result of a patch being applied, of the installation being restored from a backup, or of chown being used on vshell.


To check that the Gateway/APIServer process has the correct capability, run:
# getcap /opt/gateway/platform/bin/vshell


The output of this command should be:
/opt/gateway/platform/bin/vshell = cap_net_bind_service+ep

If this is not the output received, execute the following to restore the capability:
# setcap 'cap_net_bind_service=+ep' /opt/gateway/platform/bin/vshell

Systems that see license errors when running as non-root may also need the cap_sys_rawio capability:

/usr/sbin/setcap 'cap_net_bind_service=+ep cap_sys_rawio+ep' /opt/apiserver/platform/bin/vshell
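
An added example (not part of the original article): a shell helper that checks one line of getcap output for a capability carrying both the effective (e) and permitted (p) flags. It accepts the "path = caps" form shown above as well as the "path caps" form printed by newer libcap releases; the function name has_cap and the VSHELL variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a line of getcap output grants a capability
# with both the effective (e) and permitted (p) flags set.
# Simplifications: paths without spaces; "-" (drop) clauses are not handled.

# has_cap LINE CAPNAME -> returns 0 if LINE grants CAPNAME with e and p.
has_cap() {
    line=$1
    want=$2
    # Strip the file name. Older libcap prints "path = caps",
    # newer libcap prints "path caps".
    case $line in
        *" = "*) caps=${line#* = } ;;
        *" "*)   caps=${line#* } ;;
        *)       return 1 ;;   # empty output: the file has no capabilities
    esac
    for clause in $caps; do
        # A clause looks like "cap_a,cap_b+ep" or "cap_a=ep".
        case $clause in *[+=]*) ;; *) continue ;; esac
        names=${clause%%[+=]*}   # capability names before the first operator
        flags=${clause##*[+=]}   # flag letters after the last operator
        case ",$names," in *",$want,"*) ;; *) continue ;; esac
        case $flags in *e*) ;; *) continue ;; esac
        case $flags in *p*) return 0 ;; esac
    done
    return 1
}

# Path taken from the article; override with VSHELL=... for the apiserver path.
VSHELL=${VSHELL:-/opt/gateway/platform/bin/vshell}

# Only query the file when getcap and the binary are actually present.
if command -v getcap >/dev/null 2>&1 && [ -e "$VSHELL" ]; then
    if has_cap "$(getcap "$VSHELL")" cap_net_bind_service; then
        echo "OK: $VSHELL may bind ports <1024"
    else
        echo "MISSING: as root, run setcap 'cap_net_bind_service=+ep' $VSHELL"
    fi
fi
```

Running this check after patching, restoring from backup, or changing ownership of vshell catches the lost capability before the process fails to bind at startup.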