On Fri, Apr 01, 2005 at 07:31:07PM +0200, Oliver Welter wrote: > Hi Herbert, > > >>>hmm - so I think I have to mod the sources as I cant find appropriate > >>>kernel config params... > > > >check for security modules and capabilities in particular > > > Can you tell me what I must look for ? > If you mean "kernel" modules - i have a monolithic one - so no modules > are loaded at all....
CONFIG_SECURITY=y CONFIG_SECURITY_CAPABILITIES=y or CONFIG_SECURITY=n both will use the capabilities compiled in ... > >>So, that's not, what I think... I encountered the same problem, but on the > >>"normal" kernels 2.6.8/9/10. The solve was to 'modprobe capabilities' or > >>'modprobe realtime'. But if ntpd runs in the "main" context, I think, it > >>is not > > > >this diagnosis sounds very accurate to me ... > >I would double check if capabilities are loaded/compiled in > > > >maybe you are in deep trouble and do not even know it ;) > > as we use vserver only for process separeratin due to better maintenance > it will not affect operational security - but good hint anyway.... it will, it will. trust me ... most checks in linux-vserver kernel code are based on linux capabilities, so they are a requirement, not some kind of addon/feature ... best, Herbert > Oliver > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > _______________________________________________ > Vserver mailing list > [email protected] > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
