----- Original Message -----
From: "Paul Sladen" <[EMAIL PROTECTED]>
"I run Bind on several of my vservers--without the extra CAP_SYS_RESOURCE
capabilities--and haven't experienced any problems."
How can you run bind on several of your vservers?
I have copied the /etc/init.d/named file to my vserver and run it, but I get
nothing when I run it. What should I do to run more than one bind on my
vservers?
----- Original Message -----
From: "Paul Sladen" <[EMAIL PROTECTED]>
To: "VServer Patch List" <[EMAIL PROTECTED]>
Sent: Thursday, October 24, 2002 2:05 AM
Subject: Re: [vserver] Bind
>
> > What are the risks of setting S_CAPS="CAP_SYS_RESOURCE"?
> > Because in vservers users cannot use bind(), and that is not good at some point.
>
> I'm not actually sure about this one anymore--somebody would be better
> giving you an answer!
>
> Normally processes are only allowed to lower their ulimit resources (core
> size, file handles...), but this allows processes to *increase* them and
> generally breaks the Unix philosophy of giving up permissions irreversibly.
>
> The interesting point is that I've never run into this problem!
> I run Bind on several of my vservers--without the extra CAP_SYS_RESOURCE
> capabilities--and haven't experienced any problems. Having said that, these
> will all be the standard Debian shipments and I haven't looked into the
> issue more deeply, as to versions, or whether there are patches involved.
>
> -Paul
>
> PS. bind() is a system call that allows a program to select an IP address.
> Bind is a [the] DNS server (a ``mere program''!).
> --
> Nottingham, GB
>
>
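The quoted point about ulimits (a process may lower a hard limit but needs CAP_SYS_RESOURCE to raise it again) can be checked from inside a vserver with the following added example, which is not part of the original thread. It assumes Linux with /proc mounted; the function names and the limits 16 and 17 are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define CAP_SYS_RESOURCE_BIT 24  /* CAP_SYS_RESOURCE in <linux/capability.h> */

/* 1 if the effective set holds CAP_SYS_RESOURCE, 0 if not, -1 if unreadable. */
int has_cap_sys_resource(void)
{
    char line[256];
    unsigned long long eff;
    int found = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (found < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1)
            found = (int)((eff >> CAP_SYS_RESOURCE_BIT) & 1);
    fclose(f);
    return found;
}

/* In a child process: drop the hard RLIMIT_NOFILE to 16, then try to raise it
 * to 17. Returns 0 if the raise worked, EPERM if refused, -1 on other errors. */
int try_raise_hard_limit(void)
{
    struct rlimit low = { 16, 16 }, up = { 16, 17 };
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setrlimit(RLIMIT_NOFILE, &low) != 0)  /* lowering is always allowed */
            _exit(2);
        if (setrlimit(RLIMIT_NOFILE, &up) == 0)   /* raising needs the capability */
            _exit(0);
        _exit(errno == EPERM ? 1 : 2);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 0 : WEXITSTATUS(status) == 1 ? EPERM : -1;
}

int main(void)
{
    printf("CAP_SYS_RESOURCE effective: %d\n", has_cap_sys_resource());
    printf("raise hard limit result: %d\n", try_raise_hard_limit());
    return 0;
}
```

A result of EPERM means the limit drop was irreversible for that process, which is the behaviour a vserver without CAP_SYS_RESOURCE in S_CAPS should show.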
