From: Burak (burak_at_duslersokagi.com)
Date: Thu 24 Oct 2002 - 14:46:49 BST
----- Original Message -----
From: "Paul Sladen" <vserver_at_paul.sladen.org>
"I run Bind on several of my vservers--without the extra CAP_SYS_RESOURCE
capabilities--and haven't experienced any problems."
How can you run bind on several of your vservers? I have copied the /etc/init.d/named file to my vserver and run it, but I get nothing when I run it. What should I do to run more than one bind on my vservers?
----- Original Message -----
From: "Paul Sladen" <vserver_at_paul.sladen.org>
To: "VServer Patch List" <vserver_at_solucorp.qc.ca>
Sent: Thursday, October 24, 2002 2:05 AM
Subject: Re: [vserver] Bind
> On Wed, 23 Oct 2002, Burak wrote:
>
> > What are the risks of setting S_CAPS="CAP_SYS_RESOURCE"
> > because in vservers users cannot use bind() and it is not good at some point.
>
> I'm not actually sure about this one anymore--somebody would be better
> giving you an answer!
>
> Normally processes are only allowed to lower their ulimit resources (core
> size, file handles...), but this allows processes to *increase* them and
> generally breaks the Unix philosophy of giving up permissions irreversibly.
>
> The interesting point is that I've never run into this problem!
> I run Bind on several of my vservers--without the extra CAP_SYS_RESOURCE
> capabilities--and haven't experienced any problems. Having said that, these
> will all be the standard Debian shipments and I haven't looked into the
> issue more deeply, as to versions, or whether there are patches involved.
>
> -Paul
>
> PS. bind() is a system call that allows a program to select an IP address.
> Bind is a [the] DNS server (a ``mere program''!).
> --
> Nottingham, GB
>
>
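
The rlimit behaviour described in the quoted reply can be checked from inside a vserver. The C probe below is an added example, not part of the original thread: it lowers the hard RLIMIT_NOFILE limit by one and then tries to restore it, which Linux refuses with EPERM unless the process holds CAP_SYS_RESOURCE. The function name try_raise_hard_limit is hypothetical, and a Linux system is assumed.

```c
/* Added example, not from the thread. Assumes Linux. */
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>

/* Hypothetical helper.
 * Returns 0 if raising the hard limit was refused with EPERM,
 *         1 if the kernel allowed the raise (CAP_SYS_RESOURCE in effect),
 *        -1 if the probe could not be carried out.
 * When the raise is refused, the process keeps a hard limit that is
 * one descriptor lower than before, which is harmless. */
int try_raise_hard_limit(void)
{
    struct rlimit orig, lowered, raised;

    if (getrlimit(RLIMIT_NOFILE, &orig) != 0 || orig.rlim_max < 2)
        return -1;

    /* Step 1: lowering is always permitted. Keep soft <= hard. */
    lowered.rlim_max = orig.rlim_max - 1;
    lowered.rlim_cur = orig.rlim_cur < lowered.rlim_max
                           ? orig.rlim_cur : lowered.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &lowered) != 0)
        return -1;

    /* Step 2: try to put the original hard limit back. */
    raised = lowered;
    raised.rlim_max = orig.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &raised) == 0)
        return 1;
    return errno == EPERM ? 0 : -1;
}

int main(void)
{
    int r = try_raise_hard_limit();

    if (r < 0) {
        fprintf(stderr, "probe failed\n");
        return 2;
    }
    printf("raising the hard limit was %s\n",
           r ? "ALLOWED (CAP_SYS_RESOURCE present)"
             : "refused (lowering is irreversible here)");
    return 0;
}
```

Run it once in a vserver with the default capability set and once with S_CAPS="CAP_SYS_RESOURCE" to see the difference the setting makes.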