Ticket #550 (closed defect: fixed)
Bind9 runit script does not modprobe capability
|Reported by:||anonymous||Owned by:||juruen@…|
On Debian sarge:
Bind9 requires the kernel capability module in order to drop all its root privileges except the ability to bind to a privileged port.
The /etc/runit/bind9/run should be changed to something like:
#!/bin/sh modprobe capability >/dev/null 2>&1 || true exec 2>&1 exec /usr/sbin/named -u bind -g
This ensures that mod capability is installed before bind starts. Else you get bind complaining about not being able to bind to port 53 the whole time.