Re: [vserver] BIND9 and bcapabilities

From: Phil Daws <uxbod_at_splatnix.net>
Date: Fri 24 Feb 2012 - 08:46:57 GMT
Message-ID: <1355041760.139292.1330073217153.JavaMail.root@office.splatnix.net>

Thank you Herbert. It was indeed SECURE_MOUNT as I guess it must be due to how the chroot() of named is being handled.

-- 
Thanks, Phil
----- Original Message -----
> On Thu, Feb 23, 2012 at 05:20:58PM +0000, Phil Daws wrote:
> > Hello all,
> 
> > am trying to get BIND working with chroot() but when
> > I start named I am seeing:
> 
> > [root@nspriv01 /]# service named start
> > mount: permission denied
> 
> any reason why your 'named' service would 'mount' something?
> 
> > I have given the vserver MKNOD, CAP_SYS_CHROOT and
> > CAP_SYS_RESOURCE but it only seems to work if I give it
> > CAP_SYS_ADMIN which appears very overkill.
> 
> most likely you need one of the *_MOUNT ccaps for the bind
> mount to work ... but IMHO it's a design flaw and should
> be replaced by a mount done from the guest config's fstab
> 
> http://linux-vserver.org/Capabilities_and_Flags#Context_capabilities_.28ccaps.29
> 
> HTH,
> Herbert
> 
> > Which capability am I missing ? This is using kernel
> > 3.0.16-vs2.3.2.1.
> 
> 
> > --
> > Thanks, Phil
> 
> 
Received on Fri Feb 24 08:47:10 2012
Generated on Fri 24 Feb 2012 - 08:47:11 GMT by hypermail 2.1.8