Hi Ben,
I just managed to build and boot 2.5.2 plus my patch. My named starts
without any problem. So, sorry can't reproduce it here.
Ben Clifford <benc@hawaga.org.uk> writes:
> After applying your patch to 2.5.2, my named wouldn't start up (it
> couldn't bind to port 921)
This sounds weird. Normally, named binds to port 53 and some high
unprivileged port for replies from other DNS servers. Do you have some
'listen-on' and/or 'query-source' statements in your named.conf? If
you do, just change permissions of /mnt/net/ipv4/bind/921 appropriately.
> The below patch seems to have fixed that, and I think is probably the
> right thing to do.
[...]
> - if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC))
> + if (snum && snum < PROT_SOCK && !accessfs_permitted(&bind_to_port[snum], MAY_EXEC) && !capable(CAP_NET_BIND_SERVICE))
You may use accessfs and capabilities in parallel, of course. But
currently, this is equivalent to "chown root/chmod u+x".
Regards, Olaf.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jan 23 2002 - 21:00:16 EST