From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 20 Nov 2004 - 15:38:38 GMT
On Sat, Nov 20, 2004 at 04:30:38AM -0500, Vlad Mazek wrote:
> Greetings,
>
> We've been running vserver on 2.4 successfully for years and with the
> new hardware we've started to migrate to the 2.6 kernel and are
> struggling with the vserver.
>
> Namely, can't get bind to work. It fails with the familiar error:
> Starting named: named: capset failed: Operation not permitted
bind is a little broken in this regard, and
recompiling it with --disable-linux-caps should
make it work as expected ...
> On 2.4, this was easilly fixed by adding CAP_NET_RAW to the vserver, but
you should not give CAP_NET_RAW inside a vserver.
> for some reason adding it to 2.6 and util-vserver does not help. I am
> running 2.6.9-vs1.9.3 with util-vserver 0.30.196. Here is my
> /etc/vservers/base.conf
hmm, did you test this with the same vserver?
if so, please could you provide an strace -fF of
both vservers and the output of
grep Cap /proc/self/status
from inside that vserver?
TIA,
Herbert
> IPROOT=192.168.1.50
> IPROOTDEV=eth0
> ONBOOT=yes
> S_HOSTNAME=base
> S_DOMAINNAME=mazek.com
> S_FLAGS="lock nproc"
> S_CAPS="CAP_NET_RAW"
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver