/*************************************************************************
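* Response: 500 OOPS: priv_sock_get_int Error: failed to read directory listing
* Description:
* An Android kernel was used for Linux system development. Running vsftp on a
* self-built root filesystem failed with 500 OOPS: priv_sock_get_int; the
* cause is a permission check in the Android kernel.
*
* 2017-10-11 Shenzhen, Nanshan, Pingshan Village, Zeng Jianfeng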
************************************************************************/

I. References:
1. Fixing "500 oops: socket" when porting the vsftpd service
http://www.cnblogs.com/chenfulin5/p/6912706.html

II. Solution:
1. cat net/ipv4/af_inet.c
...
#ifdef CONFIG_ANDROID_PARANOID_NETWORK
#include <linux/android_aid.h>

static inline int current_has_network(void)
{
    return in_egroup_p(AID_INET) || capable(CAP_NET_RAW);
}
#else
static inline int current_has_network(void)
{
    return 1;
}
#endif
...
2. make menuconfig
.config - Linux/arm 3.0.35 Kernel Configuration
──────────────────────────────────────────────────────────────────────────────
┌────────────────────────── Networking options ───────────────────────────┐
│ Arrow keys navigate the menu. <Enter> selects submenus --->. │
│ Highlighted letters are hotkeys. Pressing <Y> includes, <N> excludes, │
│ <M> modularizes features. Press <Esc><Esc> to exit, <?> for Help, </> │
│ for Search. Legend: [*] built-in [ ] excluded <M> module < > │
│ ┌────^(-)─────────────────────────────────────────────────────────────┐ │
│ │ [ ] TCP: advanced congestion control ---> │ │
│ │ [ ] TCP: MD5 Signature Option support (RFC2385) (EXPERIMENTAL) │ │
│ │ < > The IPv6 protocol ---> │ │
│ │ [ ] Only allow certain groups to create sockets <---- change this │ │
│ │ [*] Network activity statistics tracking │ │
│ │ [ ] Security Marking │ │
│ │ [ ] Timestamping in PHY devices │ │
│ │ [ ] Network packet filtering framework (Netfilter) ---> │ │
│ │ < > The DCCP Protocol (EXPERIMENTAL) ---> │ │
│ └────v(+)─────────────────────────────────────────────────────────────┘ │
├─────────────────────────────────────────────────────────────────────────┤
│ <Select> < Exit > < Help > │
└─────────────────────────────────────────────────────────────────────────┘
3. Build error:
...
security/commoncap.c: In function 'cap_capable':
security/commoncap.c:91:40: error: 'AID_NET_RAW' undeclared (first use in this function)
security/commoncap.c:91:40: note: each undeclared identifier is reported only once for each function it appears in
security/commoncap.c:93:42: error: 'AID_NET_ADMIN' undeclared (first use in this function)
make[1]: *** [security/commoncap.o] Error 1
make: *** [security] Error 2
...
4. Fix the build error:
cat security/commoncap.c
...
int cap_capable(struct task_struct *tsk, const struct cred *cred,
                struct user_namespace *targ_ns, int cap, int audit)
{
    /*
    if (cap == CAP_NET_RAW && in_egroup_p(AID_NET_RAW))
        return 0;
    if (cap == CAP_NET_ADMIN && in_egroup_p(AID_NET_ADMIN))
        return 0;
    */
    ...
}
...
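A user-space check for the current_has_network() condition shown in step 1: it reports whether the calling process is in AID_INET and whether creating an AF_INET socket is refused. This is an added example, not code from the original post; it assumes AID_INET is 3003 (the value in Android's linux/android_aid.h) and that the kernel refuses socket creation with EACCES when the check fails.

```c
/* Added diagnostic, not from the original post. AID_INET = 3003 is assumed. */
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define AID_INET 3003 /* Android "inet" group id (assumption, see lead-in) */
enum verdict { SOCKET_OK, BLOCKED_BY_PARANOID, OTHER_FAILURE };

/* Return 1 if gid appears in list[0..n-1], else 0. */
static int gid_in_list(gid_t gid, const gid_t *list, int n)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* sock_errno is 0 when socket() succeeded, otherwise the errno it set.
 * EACCES without AID_INET membership matches current_has_network() == 0. */
static enum verdict classify(int in_inet_group, int sock_errno)
{
    if (sock_errno == 0)
        return SOCKET_OK;
    if (sock_errno == EACCES && !in_inet_group)
        return BLOCKED_BY_PARANOID;
    return OTHER_FAILURE;
}

int main(void)
{
    gid_t groups[64];
    int n = getgroups(64, groups);
    /* in_egroup_p() looks at the effective gid and the supplementary groups */
    int in_inet = getegid() == AID_INET ||
                  (n > 0 && gid_in_list(AID_INET, groups, n));
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int err = fd < 0 ? errno : 0;
    static const char *msg[] = {
        "AF_INET socket created",
        "EACCES and not in AID_INET: paranoid network check",
        "socket() failed for another reason",
    };
    if (fd >= 0)
        close(fd);
    printf("uid=%d in_AID_INET=%d errno=%d: %s\n",
           (int)getuid(), in_inet, err, msg[classify(in_inet, err)]);
    return err ? 1 : 0;
}
```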