From: Dale Pontius
Date: Mon, 14 Nov 2005 20:23:15 -0500
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] SELinux n00b questions

Dale Pontius wrote:
> Peter Shaw wrote:
>
>> On Monday 14 November 2005 02:51, Dale Pontius wrote:
>>
>>> I decided to try running BIND on the SELinux system. I get this
>>> message:
>>> * Starting named ...
>>> named: capset failed: Operation not permitted: please ensure that the
>>> capset kernel module is loaded. see insmod(8)
>>>
>>> I've made sure that "commoncap" was built and loaded prior to trying to
>>> start BIND. A bit of google searching, and this seemed to have helped
>>> everyone else, but not me.
>>
>> I had the same problem and googled it, and the module I found I had
>> to put into /etc/modules.autoload.d/kernel-2.6 was "capability", not
>> "commoncap". But perhaps you're using a 2.4 kernel and it's different
>> - I just subscribed to the mailing list and didn't see the original
>> post.
>>
> I saw the "capability" stuff too, and thought that was the same as
> "commoncap". So now I have to ask... Where do you turn on "capability"?
> I did a "grep CAP .config" and got only 2 entries, the one that
> produced commoncap, and another that was completely unrelated.
> (sound, maybe?) I'm running 2.6, by the way.

Never mind... Found it, and it was already built with my current
configuration. I just had to modprobe it, and BIND starts. But I still
don't know which kernel config switch turned it on. Oh well, my Gentoo
SELinux server is now serving something, instead of just consuming
electricity and teaching me.

Dale