Can I run BIND9 in a vserver? If yes, is there something I
need to be aware of? (One of my nameservers died, so I'm
considering virtualizing DNS).
--
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100,
Eugen Leitl a écrit :
Can I run BIND9 in a vserver? If yes, is there something I
need to be aware of? (One of my nameservers died, so I'm
considering virtualizing DNS).
Yes you can but you need to be aware of these capabilities
CAP_MKNOD ( first launch on fedora , you can remove it
Or you have to compile bind with --disable-linux-caps
-- MUCH better ! (security wise)
I'd like to know what is the security problem with CAP_SYS_RESSOURCE ?
Herbert said
Currently the following Linux Capabilities are considered secure, if
you add others to them, you will probably
I'd like to know what is the security problem with CAP_SYS_RESSOURCE ?
Herbert said
Currently the following Linux Capabilities are considered secure, if
you add others to them, you will probably open some security hole.
but what is the problem with override resource limits, quota, reserved
I want to execute some tasks when a vserver is started, but I don't know how
to make it. I found an instruction in
http://www.solucorp.qc.ca/howto.hc?projet=vserverid=56
But it seems that it doesn't work for util-vserver 0.30.210. Are there any
other ways to do it?
Bruno gave me a hint that I can
