From: Christian Mayrhuber (christian.mayrhuber_at_gmx.net)
Date: Thu 12 Feb 2004 - 13:40:00 GMT
Floris van Gog wrote:
> BIND9 does not even need CAP_SYS_RESOURCE. It is running in a vserver
> here (1.2x) without problems with S_CAP="" in the config file.
> Why grant it things it does not need?
Standard bind9 on debian does not even start without CAP_SYS_RESOURCE.
That's why there are packages from Paul Sladen.
Yes, I know that it can extend it's process limits in vs1.26, but it's
still better than running bind9 in the root server.
I'm using the standard bind9, because of the convenience
security.debian.org is providing.
-- lg, Chris
_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver