About this list Date view Thread view Subject view Author view Attachment view

From: Andy Kwong (iserlohn_at_aicompro.com)
Date: Thu 10 Jan 2002 - 18:18:04 GMT


You can just compile BIND9 without Linux cap support with a ./configure
option. IIRC, the option is --disable-linux-caps. I have a modified
RH7.2 rpm if anyone is interested.

On Wed, 2002-01-09 at 19:37, Guillaume Bourque wrote:
> Hi again !,
>
> have anyone been able to make bind 9.2 running with in a vserser ?
>
> [root_at_ns1 www]# /etc/init.d/named start
> Starting named: named: capset failed: Operation not permitted
> [ERREUR]
>
> [root_at_ns1 www]# rpm -qa | grep bind
> bind-utils-9.2.0-0.rc3.1mdk
> bind-9.2.0-0.rc3.1mdk
>
> I also found some information: this here
> http://www.ultraviolet.org/mail-archives/lids.2001/1245.html
>
> > Starting named: named: capset failed: Operation not permitted
>
> If I recall correctly, BIND tries to use kernel capabilities in its
> own
> code, which is not compatible with having LIDS police capabilities. I
> think
> people have had success in the past commenting out the cap calls in
> BIND.
>
> Or, if you're worried about security, you could run djbdns instead
> of
> BIND.
>
>
> TIA !
>
>
>
>
> --
> --------------------- La qualité avant tout ! ----------------------
> Guillaume Bourque Conseiller technologique
> LogiSoft Technologies inc.
> Tél. (514) 576-7638 Fax: (450) 649-6134
> -------------------- http://www.logisoftech.com --------------------
>
>


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 06 Nov 2002 - 07:03:38 GMT by hypermail 2.1.3