Re: [Vserver] using djbdns (tinydns & dnscache) from within vserver

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Wed 12 Apr 2006 - 16:17:09 BST
Message-ID: <20060412151709.GC29097@MAIL.13thfloor.at>

On Wed, Apr 12, 2006 at 12:41:14PM +0200, Benedict Verheyen wrote:
> Hi,
>
> I installed the latest vserver patch on a pristine 2.6.16 kernel on
> a Debian Sarge. I made a vm and it all works fine. Now I have a UML
> running with tinydns and dnscache in it and I wanted to move that to
> vserver.
>
> First problem was that the supervising program wasn't run, but I found
> a script somewhere to run it from the init procedure instead of from
> inittab, so now it boots up fine.

you could alternatively use the 'plain' init style
and have a real init inside the guest, just as on
uml :)

> Problem is that DNS resolving for my clients' PCs doesn't work at all.

I assume that is some network configuration error;
keep in mind that UML requires routing/bridging
where linux-vserver is _on_ the host

> Even from within the vserver doing for instance a dnsip doesn't work.

how does it fail?

> From the moment I stop the vserver and run the UML again, it all works.
> The UML was copied to the directory where the vserver resides so the DNS
> config is the same.
>
> I then started to fiddle with capabilities because I thought this
> might be the problem. Here is what I added to the bcapabilities and
> ccapabilities file:
>
> bcapabilities
> NET_BIND_SERVICE
this one is given by default

> NET_RAW
> NET_ADMIN
those are not needed and will compromise security

> NET_BROADCAST
this one is not used in the kernel at all :)

> SYS_RESOURCE
harmless but probably not required

> SYS_BOOT
should be there by default

> SYS_RAWIO
this one is dangerous

>
> ccapabilities
> icmp
> ping
those are synonyms, so one of them should
be enough, IIRC raw_icmp

> What needs to be changed in order to run djbdns?

probably the only thing really required to be changed
is the way you handle the networking, aside from that
djbdns should not have any issues, maybe you can
elaborate a little on your network setup, and how
you test?

TIA,
Herbert

> Thanks,
> Benedict
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Apr 12 16:17:33 2006
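
The following is an added example, not part of the message above and not code from the Linux-VServer project: it classifies the capabilities named in the thread using the verdicts given in the reply, either from a listing or from a hexadecimal capability mask. The one-per-line listing layout, the tolerated `CAP_` prefix, the verdict labels and the sample mask are assumptions made for the example; the bit numbers are those of `<linux/capability.h>`.

```python
import re

# Bit numbers from <linux/capability.h>.
CAP_BITS = {"NET_BIND_SERVICE": 10, "NET_BROADCAST": 11, "NET_ADMIN": 12,
            "NET_RAW": 13, "SYS_RAWIO": 17, "SYS_BOOT": 22, "SYS_RESOURCE": 24}

# Verdicts taken from the reply above (labels are this example's own);
# any capability the reply does not discuss is reported as "unreviewed".
VERDICT = {"NET_RAW": "risky", "NET_ADMIN": "risky", "SYS_RAWIO": "risky",
           "NET_BIND_SERVICE": "default", "SYS_BOOT": "default",
           "NET_BROADCAST": "unused", "SYS_RESOURCE": "optional"}

def parse_listing(text):
    """Capability names from a one-per-line listing (assumed layout).
    Blank lines and '#' comments are skipped, a CAP_ prefix is tolerated."""
    names = []
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip().upper()
        if name:
            names.append(re.sub(r"^CAP_", "", name))
    return names

def decode_mask(hex_mask):
    """Names of the known capabilities whose bit is set in a hex mask."""
    mask = int(hex_mask, 16)
    return sorted(n for n, bit in CAP_BITS.items() if mask >> bit & 1)

def audit(names):
    """Group capability names by verdict."""
    report = {}
    for name in names:
        report.setdefault(VERDICT.get(name, "unreviewed"), []).append(name)
    return report

# Constructed sample: the bcapabilities entries quoted in the message.
SAMPLE_LISTING = """NET_BIND_SERVICE
NET_RAW
NET_ADMIN
NET_BROADCAST
SYS_RESOURCE
SYS_BOOT
SYS_RAWIO
"""
# Constructed sample mask with bits 10, 12, 13, 17, 22 and 24 set.
SAMPLE_MASK = "01423400"

if __name__ == "__main__":
    print(audit(parse_listing(SAMPLE_LISTING)))
    print(audit(decode_mask(SAMPLE_MASK)))
```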

Generated on Wed 12 Apr 2006 - 16:17:37 BST by hypermail 2.1.8