
Bug 98830

Summary: rlocate kernel module and bind can't coexist
Product: Gentoo Linux
Reporter: Flemming Richter <quatrox>
Component: [OLD] Unspecified
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: RESOLVED UPSTREAM
Severity: normal
CC: BryanRJ, vapier
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Flemming Richter 2005-07-12 16:39:03 UTC
With the kernel configured for rlocate: 
(CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=m)

# /etc/init.d/named start
 * Caching service dependencies ...                                     [ ok ]
 * Starting named ...
named: capset failed: Operation not permitted: please ensure that the capset
kernel module is loaded.  see insmod                                    [ !! ]

And in /var/log/messages: "Failure registering capabilities with primary
security module."

#strace named
.......
capset(0x19980330, 0,
{CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE})
= -1 EPERM (Operation not permitted)
write(2, "named: ", 7named: )

                  = 7
write(2, "capset failed: Operation not per"..., 109capset failed: Operation not
permitted: please ensure that the capset kernel module is loaded.  see insmod) = 109
write(2, "\n", 1
)                       = 1
exit_group(1)                           = ?




Reproducible: Always
Steps to Reproduce:
1. recompile the kernel with CONFIG_SECURITY=y and CONFIG_SECURITY_CAPABILITIES=m
2. rebooting
3. /etc/init.d/named start

Actual Results:  
 * Caching service dependencies ...                                     [ ok ]
 * Starting named ...
named: capset failed: Operation not permitted: please ensure that the capset
kernel module is loaded.  see insmod                                    [ !! ]

And in /var/log/messages: "Failure registering capabilities with primary

Expected Results:  
I believe that these two should be able to co-exist
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2005-07-12 18:39:48 UTC
(In reply to comment #0)
> Expected Results:  
> I believe that these two should be able to co-exist

Looking at the rlocate homepage, this won't be possible...

<snip>
The ``Default Linux Capabilities'' must be either disabled or set to 'M' in your
kernel configuration in ``Security options'' section. Capability module cannot
be loaded at the same time as rlocate. 
</snip>
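
A diagnostic for the state described in this report, as an added example that is not part of the bug thread or of rlocate: it reads a kernel config and a /proc/modules listing and reports whether the capability module and rlocate are in the conflicting combination. The module names "capability" and "rlocate" and the sample file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the bug report): classify the capability/rlocate
# state described above. Assumed module names: "capability" and "rlocate".

# config_value FILE SYMBOL: print y or m, or n when unset / "is not set".
config_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# module_loaded FILE NAME: succeed if NAME is the first field of a line in a
# /proc/modules-style listing.
module_loaded() {
    awk -v m="$2" '$1 == m { f = 1 } END { exit !f }' "$1"
}

# diagnose CONFIG MODULES: print a one-word verdict.
diagnose() {
    case $(config_value "$1" CONFIG_SECURITY_CAPABILITIES) in
        y) echo capabilities-builtin; return ;;   # rlocate's docs rule this out
        n) echo capabilities-disabled; return ;;
    esac
    # Capabilities built as a module: the outcome depends on what is loaded.
    if module_loaded "$2" rlocate; then
        if module_loaded "$2" capability; then
            echo both-loaded      # rlocate's docs say this cannot happen
        else
            echo conflict         # state in this bug: named's capset gets EPERM
        fi
    elif module_loaded "$2" capability; then
        echo capability-loaded
    else
        echo capability-not-loaded
    fi
}

# Constructed sample input reproducing the reporter's configuration.
tmp=$(mktemp -d)
printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_CAPABILITIES=m\n' > "$tmp/config"
printf 'rlocate 12345 0 - Live 0xf8a00000\n' > "$tmp/modules"
diagnose "$tmp/config" "$tmp/modules"
# On a real system: diagnose /usr/src/linux/.config /proc/modules
```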
Comment 2 SpanKY gentoo-dev 2005-07-12 18:49:43 UTC
upstream issue, thanks Jakub
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2006-04-23 11:09:41 UTC
*** Bug 130997 has been marked as a duplicate of this bug. ***