Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

Ticket #550 (closed defect: fixed)

Opened 6 years ago

Last modified 3 years ago

Bind9 runit script does not modprobe capability

Reported by:	anonymous	Owned by:	juruen@…
Milestone:		Component:	base
Severity:	normal	Keywords:
Cc:

Description

Hi,

On Debian sarge:

Bind9 requires the kernel capability module in order to drop all its root privileges except the ability to bind to a privileged port.

The /etc/runit/bind9/run should be changed to something like:

#!/bin/sh
modprobe capability >/dev/null 2>&1 || true
exec 2>&1
exec /usr/sbin/named -u bind -g

This ensures that mod capability is installed before bind starts. Else you get bind complaining about not being able to bind to port 53 the whole time.

Thanks

Attachments

Change History

comment:1 Changed 5 years ago by anonymous

This works great for bind 9.4.2-P1 and Kernel 2.6.21.5

comment:2 Changed 5 years ago by juruen@…

Status changed from new to closed
Resolution set to fixed

(In [11133]) Load module capability in pre-start just like the bind9 init script does closes #550

View ↑

Add a comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Type:	Milestone:
Component:	Severity:
Keywords:	Add/Remove from Cc:	<Author field>

Action

leave as closed

reopen The resolution will be deleted. Next status will be 'reopened'

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑

Note: See TracTickets for help on using tickets.

Download in other formats: