Re: [vserver] Using nmap

From: John Alberts <john.m.alberts_at_gmail.com>
Date: Fri 19 Jun 2009 - 15:50:46 BST
Message-ID: <a23b6f900906190750w46e805a2x545ff0fc9bfc6e01@mail.gmail.com>

On Fri, Jun 19, 2009 at 9:38 AM, John Alberts<john.m.alberts@gmail.com> wrote:

> I've never used any of the capability flags.  Is there any way I can
> allow this by adding a capability for this guest.  I realize allowing
> raw net access is not a good idea, but I would just like to enable it
> temporarily so I can run a utility in the guest one time that requires
> nmap.  Then I'll just remove the capability.

Sorry. Please ignore my rambling. I saw the documentation on the
wiki, but I was a little weary of trying it on my production server.
I added NET_ADMIN, NET_RAW, NET_BROADCAST and NET_BIND_SERVICE to
/etc/vservers/guestname/bcapabilities and restarted the guest. Nmap
works great now and I just removed the bacpabilities and restarted the
server again, since I don't need nmap again.
I know I probably added more capabilities than I needed, but it was
only temporary.

Regards,
John
Received on Fri Jun 19 15:51:00 2009

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 19 Jun 2009 - 15:51:01 BST by hypermail 2.1.8