Gentoo Forums
bind problem... [solved]
poly_poly-man
Advocate


Joined: 06 Dec 2006
Posts: 2477
Location: RIT, NY, US

Posted: Wed May 28, 2008 12:54 am    Post subject: bind problem... [solved]

So I did what I dread doing - I halted my server (not thinking, command-in-the-wrong-terminal.... splat. :( ). I did this once before on my old server with 93 days uptime...


Anyway, this server, among other services, provides DNS for the network, using bind. I tried booting it up, and bind is dead.... it says "named: capset failed: Invalid argument: please ensure that the capset kernel module is loaded. see insmod(8)". Well, I don't have a capset or capabilities kernel module.


CONFIG_SECURITY_CAPABILITIES is built into the kernel, CONFIG_SECURITY_FILE_CAPABILITIES is not enabled.

I tried emerging libcap, no luck.

How do I fix this?

poly-p man
Last edited by poly_poly-man on Wed Jun 04, 2008 9:30 pm; edited 1 time in total
SeaTiger
l33t


Joined: 22 Nov 2007
Posts: 603
Location: Toronto, Ontario, Canada

Posted: Wed May 28, 2008 3:14 am    Post subject:

What are your bind USE flags and version? Also, what kernel version?

Try to emerge/update bind again. With current kernels >2.6.24 (I think it is after .24, but could be earlier), it is no longer possible to compile the kernel capability as a module. So a bind update may fix the problem.
poly_poly-man
Advocate


Joined: 06 Dec 2006
Posts: 2477
Location: RIT, NY, US

Posted: Wed May 28, 2008 6:56 pm    Post subject:

junksiu wrote:
What are your bind USE flags and version? Also, what kernel version?

Try to emerge/update bind again. With current kernels >2.6.24 (I think it is after .24, but could be earlier), it is no longer possible to compile the kernel capability as a module. So a bind update may fix the problem.


Code:
# emerge -pv bind

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] net-dns/bind-9.4.2  USE="ssl threads -berkdb -dlz -doc -idn -ipv6 -ldap -mysql -odbc -postgres -resolvconf (-selinux) -urandom" 0 kB


I tried to rebuild bind - that was one of the first things I did try... didn't work :(

poly-p man
SeaTiger
l33t


Joined: 22 Nov 2007
Posts: 603
Location: Toronto, Ontario, Canada

Posted: Thu May 29, 2008 3:11 am    Post subject:

I hope the following will help:

My bind USE:
Code:
[I] net-dns/bind
     Installed versions:  9.4.2(06:41:31 PM 05/19/2008)(berkdb dlz idn ipv6 ldap mysql odbc resolvconf ssl threads -doc -postgres -selinux -urandom)

My kernel Security options page
Code:
 .config - Linux Kernel v2.6.26-rc2 Configuration
 ──────────────────────────────────────────────────────────────────────────────────────────────
  ┌─────────────────────────────────── Security options ────────────────────────────────────┐
  │  Arrow keys navigate the menu.  <Enter> selects submenus --->.  Highlighted letters are │ 
  │  hotkeys.  Pressing <Y> includes, <N> excludes, <M> modularizes features.  Press        │ 
  │  <Esc><Esc> to exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ] excluded  │ 
  │  <M> module  < > module capable                                                         │ 
  │ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │ 
  │ │       -*- Enable access key retention support                                       │ │ 
  │ │       [ ]   Enable the /proc/keys file by which keys may be viewed                  │ │ 
  │ │       [*] Enable different security models                                          │ │ 
  │ │       [*]   Socket and Networking Security Hooks                                    │ │ 
  │ │       [*]     XFRM (IPSec) Networking Security Hooks                                │ │ 
  │ │       [*]   Default Linux Capabilities                                              │ │ 
  │ │       [*] File POSIX Capabilities (EXPERIMENTAL)                                    │ │ 
  │ │       (0) Low address space to protect from user allocation                         │ │ 
  │ │       [*] NSA SELinux Support                                                       │ │ 
  │ │       [*]   NSA SELinux boot parameter                                              │ │ 
  │ │       (0)     NSA SELinux boot parameter default value                              │ │ 
  │ │       [*]   NSA SELinux runtime disable                                             │ │ 
  │ │       [*]   NSA SELinux Development Support                                         │ │ 
  │ │       [*]   NSA SELinux AVC Statistics                                              │ │ 
  │ │       (1)   NSA SELinux checkreqprot default value                                  │ │ 
  │ │       [ ]   NSA SELinux enable new secmark network controls by default              │ │ 
  │ │       [ ]   NSA SELinux maximum supported policy format version                     │ │ 
  │ │       [ ] Simplified Mandatory Access Control Kernel Support                        │ │ 
  │ │                                                                                     │ │ 
  │ └─────────────────────────────────────────────────────────────────────────────────────┘ │ 
  ├─────────────────────────────────────────────────────────────────────────────────────────┤ 
  │                            <Select>    < Exit >    < Help >                             │ 
  └─────────────────────────────────────────────────────────────────────────────────────────┘ 
poly_poly-man
Advocate


Joined: 06 Dec 2006
Posts: 2477
Location: RIT, NY, US

Posted: Wed Jun 04, 2008 9:31 pm    Post subject:

made USE -threads... no more capabilities dependency.

poly-p man
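
The "capset failed: Invalid argument" message in this thread is an EINVAL returned by the kernel's capset() call; the thread does not establish why it happened. As an added diagnostic (not code from the thread or from BIND), this C program asks the running kernel which capability header version it prefers and shows that capset() returns EINVAL when given a header version the kernel does not know. The function names and the 0x12345678 value are constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Ask the kernel which capability header version it prefers. Per capget(2),
 * an unsupported version combined with a NULL data pointer makes the kernel
 * write its preferred version back into the header.
 * Returns 0 if the syscall is unavailable. */
uint32_t kernel_cap_version(void)
{
    struct __user_cap_header_struct hdr = { .version = 0, .pid = 0 };
    if (syscall(SYS_capget, &hdr, NULL) != 0 && errno != EINVAL)
        return 0;
    return hdr.version;
}

/* Read this process's capability sets using the kernel's preferred version,
 * then write them back unchanged with `version` in the header. Nothing is
 * gained; only the header version is being tested.
 * Returns 0 on success, otherwise the errno of the failing call. */
int capset_errno(uint32_t version)
{
    struct __user_cap_header_struct hdr = { .version = kernel_cap_version(), .pid = 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    if (syscall(SYS_capget, &hdr, data) != 0)
        return errno;
    hdr.version = version;   /* the version a daemon was compiled with */
    hdr.pid = 0;             /* 0 means the calling process */
    if (syscall(SYS_capset, &hdr, data) != 0)
        return errno;
    return 0;
}

int main(void)
{
    uint32_t v = kernel_cap_version();
    printf("kernel preferred capability version: 0x%08x\n", (unsigned)v);
    printf("capset with that version:  %s\n", strerror(capset_errno(v)));
    /* 0x12345678 is a constructed, deliberately invalid header version */
    printf("capset with bogus version: %s\n", strerror(capset_errno(0x12345678u)));
    return 0;
}
```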