On Thu, Feb 23, 2012 at 05:20:58PM +0000, Phil Daws wrote:
> Hello all,
> am trying to get BIND working with chroot() but when
> I start named I am seeing:
> [root@nspriv01 /]# service named start
> mount: permission denied

any reason why your 'named' service would 'mount' something?

> I have given the vserver MKNOD, CAP_SYS_CHROOT and
> CAP_SYS_RESOURCE but it only seems to work if I give it
> CAP_SYS_ADMIN which appears very overkill.

most likely you need one of the *_MOUNT ccaps for the bind?
mount to work ... but IMHO it's a design flaw and should
be replaced by a mount done from the guest config's fstab

http://linux-vserver.org/Capabilities_and_Flags#Context_capabilities_.28ccaps.29

HTH,
Herbert

> Which capability am I missing? This is using kernel 3.0.16-vs2.3.2.1.
> --
> Thanks, Phil
Received on Fri Feb 24 03:57:23 2012