Hi,
I did some investigation. strace bind9 ends with this:
capset(0x20071026, 0,
       {CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
        CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
        0}) = -1 EINVAL (Invalid argument)
futex(0x38bf04f5c0, 0x81 /* FUTEX_??? */, 2147483647) = 0
write(2, "named: ", 7) = 7
write(2, "syscall(capset) failed: Invalid "..., 111) = 111
write(2, "\n", 1) = 1
exit_group(1) = ?
If I try to emulate the above using
capsh --caps='cap_dac_read_search,cap_setgid,cap_setuid,cap_net_bind_service,cap_sys_chroot,cap_sys_resource=ep' -- -c uname
strace gives this:
capset(0x19980330, 0,
       {CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
        CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_SYS_CHROOT|CAP_SYS_RESOURCE,
        0}) = 0
The passed capability list is the same, so the problem seems to lie in
the first argument of capset() that strace does not decode.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
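
Added example, not part of the original message: the first two values strace prints for capset() are the version and pid fields of the capability header, and 0x19980330 / 0x20071026 are the _LINUX_CAPABILITY_VERSION_1 / _2 magics from <linux/capability.h>. The C sketch below decodes those magics and asks the running kernel which version it prefers; the function and struct names are made up for this example.

```c
/* Added example: decode the capability header version that strace shows
 * as the first capset() value, and probe the running kernel's preference.
 * Constants mirror <linux/capability.h>; all names here are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#define CAP_V1 0x19980330u /* _LINUX_CAPABILITY_VERSION_1: one 32-bit data struct  */
#define CAP_V2 0x20071026u /* _LINUX_CAPABILITY_VERSION_2: two 32-bit data structs */
#define CAP_V3 0x20080522u /* _LINUX_CAPABILITY_VERSION_3: two 32-bit data structs */

struct cap_header { uint32_t version; int pid; }; /* same layout as cap_user_header_t */

/* Map a header magic to its ABI version number (0 = unknown magic). */
int cap_abi_version(uint32_t magic) {
    switch (magic) {
    case CAP_V1: return 1;
    case CAP_V2: return 2;
    case CAP_V3: return 3;
    default:     return 0;
    }
}

/* Number of data structs the kernel reads after the header for that version. */
int cap_data_words(uint32_t magic) {
    int v = cap_abi_version(magic);
    return v == 1 ? 1 : (v >= 2 ? 2 : 0);
}

/* Probe described in capget(2): with an unsupported version in the header,
 * the kernel writes its preferred version back into the header. */
uint32_t kernel_preferred_cap_magic(void) {
    struct cap_header h = { 0, 0 };       /* version 0 is never valid */
    (void)syscall(SYS_capget, &h, NULL);  /* return value varies by kernel age */
    return h.version;                     /* stays 0 if nothing was written back */
}

int main(void) {
    uint32_t seen[] = { 0x20071026u, 0x19980330u }; /* from the two traces above */
    for (int i = 0; i < 2; i++)
        printf("0x%08x -> capability ABI v%d, %d data struct(s)\n",
               seen[i], cap_abi_version(seen[i]), cap_data_words(seen[i]));
    uint32_t k = kernel_preferred_cap_magic();
    printf("running kernel prefers 0x%08x (v%d)\n", k, cap_abi_version(k));
    return 0;
}
```

If the kernel reports v1 while a program sends a v2 or v3 header, capset() returning EINVAL is the documented outcome for an unsupported version.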