linux 2.6 capset

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Fri Apr 23 13:10:36 UTC 2004


Lamont--
I ran into it in a workshop setting on my Debian box
with a 2.6 kernel.  I'm not sure that the workshop
notes made it to ISC yet, but my suggestion was that
it be added as a note in the documentation (that upon
the occurrence of that particular error on a Linux box
with the 2.6 kernel, the admin needs to modprobe
capability).

Not sure this is realistically fixable with a patch,
unless there's a runtime call that can validate the
presence/absence of the capability module and throw an
appropriate error.  I couldn't easily find such a call,
but I didn't spend much time looking.  Of course commenting
out the capset call works as well, but that's not a 
desirable solution.

  --Rip

> -----Original Message-----
> From: bind-workers-bounce at isc.org 
> [mailto:bind-workers-bounce at isc.org] On Behalf Of LaMont Jones
> Sent: Thursday, April 22, 2004 1:35 PM
> To: bind-workers at isc.org
> Subject: linux 2.6 capset
> 
> 
> With linux 2.6, capset can be a module, which effectively breaks bind9
> (fatal: capset failed).  Regrettably, the return from the syscall is
> identical if the module is not compiled in, or if you lack permission
> to do the capset() call.  (Both return EPERM.)
> 
> Working on a patch, but wondering if anyone else has run into this.
> 
> lamont
> 


More information about the bind-workers mailing list