[Bug 386653] New: bind (named) does not start because of capset problems
https://bugzilla.novell.com/show_bug.cgi?id=386653

User ug@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c1

Summary: bind (named) does not start because of capset problems
Product: openSUSE 11.0
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Blocker
Priority: P5 - None
Component: Kernel
AssignedTo: kernel-maintainers@forge.provo.novell.com
ReportedBy: ug@novell.com
QAContact: kernel-maintainers@forge.provo.novell.com
CC: meissner@novell.com, trenn@novell.com
Found By: ---

in factory I get:

sevy:~ # rcnamed start
Starting name server BIND named: capset failed: Operation not permitted: please ensure that the capset kernel module is loaded. see insmod(8)
startproc: exit status of parent of /usr/sbin/named: 1

during the start of the named process.
I don't know if it's important:

sevy:~ # rpm -q libcap
libcap-1.10-74
sevy:~ # uname -a
Linux sevy.suse.de 2.6.25-26-pae #1 SMP 2008-04-30 07:56:05 +0200 i686 i686 i386 GNU/Linux

strace of named shows:

9875 getuid32() = 0
9875 capset(0x20071026, 0, {CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE, CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE, 0}) = -1 EPERM (Operation not permitted)

Markus said I should mark it as blocker, so blocker it is :)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=386653
User gregkh@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c1
Greg Kroah-Hartman
https://bugzilla.novell.com/show_bug.cgi?id=386653
User o.nicolas@skynet.be added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c2
Olivier Nicolas
From Factory,

uname -a
Linux am2 2.6.25-26-default #1 SMP 2008-04-30 07:56:05 +0200 x86_64 x86_64 x86_64 GNU/Linux

rcnamed start
Starting name server BIND named: capset failed: Operation not permitted: please ensure that the capset kernel module is loaded. see insmod(8)

Usually it means that the kernel was not compiled with CONFIG_SECURITY_CAPABILITIES but looking at /proc/config.gz

#
# Security options
#
CONFIG_KEYS=y
CONFIG_KEYS_DEBUG_PROC_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_FILE_CAPABILITIES=y
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
# CONFIG_SECURITY_SELINUX is not set
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_DISABLE=y

It seems that capabilities are compiled in but named does not start.
https://bugzilla.novell.com/show_bug.cgi?id=386653
User lchiquitto@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c3
--- Comment #3 from Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=386653
User lchiquitto@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c4
--- Comment #4 from Leonardo Chiquitto
https://bugzilla.novell.com/show_bug.cgi?id=386653
User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c5
Takashi Iwai
https://bugzilla.novell.com/show_bug.cgi?id=386653
User ug@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=386653#c6
Uwe Gansert