With the kernel configured for rlocate: (CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=m) # /etc/init.d/named start * Caching service dependencies ... [ ok ] * Starting named ... named: capset failed: Operation not permitted: please ensure that the capset kernel module is loaded. see insmod [ !! ] And in /var/log/messages: "Failure registering capabilities with primary security module." #strace named ....... capset(0x19980330, 0, {CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE, CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE, CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE}) = -1 EPERM (Operation not permitted) write(2, "named: ", 7named: ) = 7 write(2, "capset failed: Operation not per"..., 109capset failed: Operation not permitted: please ensure that the capset kernel module is loaded. see insmod) = 109 write(2, "\n", 1 ) = 1 exit_group(1) = ? Reproducible: Always Steps to Reproduce: 1.recompile the kernel with CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=m 2.rebooting 3./etc/init.d/named start Actual Results: * Caching service dependencies ... [ ok ] * Starting named ... named: capset failed: Operation not permitted: please ensure that the capset kernel module is loaded. see insmod [ !! ] And in /var/log/messages: "Failure registering capabilities with primary Expected Results: I belive that these two should be able to co-exist
(In reply to comment #0) > Expected Results: > I belive that these two should be able to co-exist Looking at the rlocate homepage, this won't be possible... <snip> The ``Default Linux Capabilities'' must be either disabled or set to 'M' in your kernel configuration in ``Security options'' section. Capability module cannot be loaded at the same time as rlocate. </snip>
upstream issue, thanks Jakub
*** Bug 130997 has been marked as a duplicate of this bug. ***