From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Mon 24 Feb 2003 - 20:03:44 GMT
On Mon, 24 Feb 2003, Guillaume Plessis wrote:
Hello Gui,
> I followed the different pieces of advice :
For other people's reference, the FAQ entry and write-up are here:
http://www.paul.sladen.org/vserver/faq/#bind9
http://www.paul.sladen.org/vserver/archives/200211/0172.html
> - I added the CAP_SYS_RESOURCE capability to my vservers
This will work, but is giving more power to the vserver; which virtually
defeats the point of using vservers in the first place.
> - I compiled bind 9 with --disable-linux-caps
This is instead trying to disable some of the `over-cleverness' in Bind9.
> - I added the --disable-threads option to the bind9 ./configure in order
> to run named as root (I know that's foolish)
I admit that I run it as root (inside a vserver).
> => it's always wrong
> => the samed problem occurs
> => named doesn't run
Can you explain further why it doesn't run. What are the error messages (if
any), what's the strace?
> - I installed the Paul's debs
They ``Worked for Me''. ;-) Did you install all three?
> Did someone meet the same problem? Could you help me?
If you can describe it is some more detail, certainly.
I know I had a big conversation off-list with somebody else and looked at it
some more details as to the relationship between pthreads and why it
wouldn't run in various cases.
My general attitude (after getting it to work) is against the Bind9 coders
and wishing they would stop trying to be too fscking clever for their own
good. Their assumptions don't actually hold true when people actually start
using capabilities (which is what we're doing here).
-Paul
-- No War. Nottingham, GB