| 1 |
On Mon, 2005-11-14 at 17:37 -0500, Dale Pontius wrote: |
| 2 |
> Peter Shaw wrote: |
| 3 |
> |
| 4 |
> >On Monday 14 November 2005 02:51, Dale Pontius wrote: |
| 5 |
> > |
| 6 |
> > |
| 7 |
> >>I decided to try running BIND on the SELinux system. I get this message: |
| 8 |
> >> * Starting named ... |
| 9 |
> >>named: capset failed: Operation not permitted: please ensure that the |
| 10 |
> >>capset kernel module is loaded. see insmod(8) |
| 11 |
> >> |
| 12 |
> >>I've made sure that "commoncap" was built and loaded prior to trying to |
| 13 |
> >>start BIND. A bit |
| 14 |
> >>of google searching, and this seemed to have helped everyone else, but |
| 15 |
> >>not me. |
| 16 |
> >> |
| 17 |
> >> |
| 18 |
> >I had the same problem and googled it, and the module I found I had to put |
| 19 |
> >into /etc/modules.autoload.d/kernel-2.6 was ¨capability¨, not ¨commoncap¨. |
| 20 |
> >But perhaps you´re using a 2.4 kernel and it´s different - i just subscribed |
| 21 |
> >to the mailing list and didn´t see the original post. |
| 22 |
> > |
| 23 |
> > |
| 24 |
> I saw the "capability" stuff too, and thought that was the same as |
| 25 |
> "commoncap". So |
| 26 |
> now I have to ask... Where do you turn on "capability"? I did a "grep |
| 27 |
> CAP .config" |
| 28 |
> and got only 2 entries, the one that produced commoncap, and another |
| 29 |
> that was |
| 30 |
> completely unrelated. (sound, maybe?) I'm running 2.6, by the way. |
| 31 |
in the kernel security options: |
| 32 |
CONFIG_SECURITY_CAPABILITIES=y |
| 33 |
module name: 'capability' |
| 34 |
|
| 35 |
Antoine |
| 36 |
|
| 37 |
-- |
| 38 |
gentoo-hardened@g.o mailing list |
Archives