Or you have to compile bind with --disable-linux-caps
--> MUCH better ! (security wise)
I'd like to know what is the security problem with CAP_SYS_RESSOURCE ?
Herbert said
"Currently the following Linux Capabilities are considered secure, if
you add others to them, you will probably open some security hole."
but what is the problem with override resource limits, quota, reserved
space on fs, ...? DOS on another vserver using the whole ressources ?
what else ?
thanks
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
