Re: [Vserver] error trying to dnsmasq on a debian sarge

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Sat 29 Oct 2005 - 20:10:12 BST
Message-ID: <20051029191011.GB23444@MAIL.13thfloor.at>

On Sat, Oct 29, 2005 at 05:57:13PM +0200, Jens Holze wrote:
> 2005/10/29, Herbert Poetzl <herbert@13thfloor.at>:
> > On Fri, Oct 28, 2005 at 04:53:49PM +0200, Jens Holze wrote:
> > > Hi!
> > >
> > > I've just set up the latest vserver on FC4 and added two vservers one
> > > based on debian sarge the other on FC4. The debian one should do some
> > > basic networking stuff and backups. Therefore I'd like to run dnsmasq
> > > on it. I installed it but when I activated its dhcp function, I get
> > > this message at boot:
> > >
> > > Starting DNS forwarder and DHCP server: dnsmasqdnsmasq: cannot create
> > > DHCP packet socket: Operation not permitted. Is CONFIG_PACKET enabled
> > > in your kernel? (failed).
> > >
> > > Of course, CONFIG_PACKET is enabled in kernel, so I'm not really
> > > sure what to do to get the program running. Do I need to add S_CAPS
> > > options?
> >
> > well, depends on what the tool is 'trying' to do ...
> > maybe it is opening a raw socket (or trying to do so)
> > at least the DHCP stuff seems to point into that direction
>
> Well, dnsmasq is a dhcp and dns server which is actually what I want
> it to do because names of all the machines that get ips and announce
> their names via dhcp are automatically put together (it's hard work to
> do this with bind and dhcp). The server will not be publicly
> accessible (lowered security is no problem) it's simply because I like
> debian and thought I could have a virtual debian on fedora (and it
> works well apart from this problem) where I could put all the
> uninteresting network services...
>
> > this would mean that it would require CAP_NET_RAW which
> > in turn would permit interface sniffing inside the guest
>
> I found that I needed to create a .conf for my server (there was none
> before this) and put the SCAPS variable in it. But nothing changed
> when booting the server. Where can I see that the options are actually
> recognized?

the .conf file is legacy stuff, don't use it for new guests
the capabilities go to the bcapabilities file in your guest
config tree (see Flower Page for details)

> > maybe the DHCP stuff can be deactivated via some config
> > option (for dnsmasqd)?
>
> Yes, it can. But that's not what I intended. Is it really a problem to
> run a dhcp inside a vserver?

no problem, if the sniffing isn't an issue ...
so it's fine in your case, just add the CAP_NET_RAW and
probably the CAP_NET_BROADCAST too, for dhcp, maybe you
also need to add the broadcast address to the assigned
ips (depends on how this dhcp works)

HTH,
Herbert

> Jens
>
> > best,
> > Herbert
> >
> > > Thanks in advance!
> > >
> > > Jens
> > >
> > > --
>
>
> --
> "Wars not make one great" - Master Yoda
> yodahome_at_googlemail.com - http://yodahome.de
> ICQ: 252623701
> watch http://littlevampire.yodahome.de
> the relaunch is coming on Halloween '05
>
> senseless wisdom of life -
> my geeky blog under http://yodahome.de/blog
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Oct 29 20:10:28 2005
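
On the question in the thread of where to see whether the capabilities were actually recognized: the following is an added example, not part of the original messages, that decodes a capability mask and reports whether CAP_NET_RAW and CAP_NET_BROADCAST are set. It assumes the capabilities granted to the guest show up in the CapEff line of /proc/PID/status for a root process inside the guest; the function names and sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a capability mask for the two
# capabilities named in the reply. Bit numbers are from <linux/capability.h>.
CAP_NET_BROADCAST=11
CAP_NET_RAW=13

# has_cap MASK_HEX BIT: succeeds if BIT is set in the hex mask (no 0x prefix).
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# dhcp_caps_missing MASK_HEX: prints the missing capabilities, space
# separated; prints an empty line when both are present.
dhcp_caps_missing() {
    missing=""
    has_cap "$1" "$CAP_NET_RAW" || missing="CAP_NET_RAW"
    has_cap "$1" "$CAP_NET_BROADCAST" ||
        missing="${missing:+$missing }CAP_NET_BROADCAST"
    echo "$missing"
}

# cap_mask_of PID: effective capability mask (CapEff) of a process.
# Assumption: a root process in the guest reflects the guest's capabilities.
cap_mask_of() {
    awk '$1 == "CapEff:" { print $2 }' "/proc/$1/status"
}

# Constructed sample masks (not captured from a real guest):
#   2c00 = bits 10, 11, 13; 0c00 = bits 10, 11; 0400 = bit 10 only.
for mask in 0000000000002c00 0000000000000c00 0000000000000400; do
    m=$(dhcp_caps_missing "$mask")
    echo "$mask: ${m:-both capabilities present}"
done

# Live check of this shell; run as root inside the guest after restarting it.
if [ -r "/proc/$$/status" ]; then
    live=$(cap_mask_of "$$")
    if [ -n "$live" ]; then
        m=$(dhcp_caps_missing "$live")
        echo "this shell ($live): ${m:-both capabilities present}"
    fi
fi
```

Because CAP_NET_RAW also permits interface sniffing inside the guest, as noted in the reply, the same check is useful for confirming that other guests do not carry it.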

Generated on Sat 29 Oct 2005 - 20:10:35 BST by hypermail 2.1.8