On Sat, Oct 29, 2005 at 05:57:13PM +0200, Jens Holze wrote:
> 2005/10/29, Herbert Poetzl <[EMAIL PROTECTED]>:
> > On Fri, Oct 28, 2005 at 04:53:49PM +0200, Jens Holze wrote:
> > > Hi!
> > >
> > > I've just set up the latest vserver on FC4 and added two vservers one
> > > based on debian sarge the other on FC4. The debian one should do some
> > > basic networking stuff and backups. Therefore I'd like to run dnsmasq
> > > on it. I installed it but when I activated its dhcp function, I get
> > > this message at boot:
> > >
> > > Starting DNS forwarder and DHCP server: dnsmasqdnsmasq: cannot create
> > > DHCP packet socket: Operation not permitted. Is CONFIG_PACKET enabled
> > > in your kernel? (failed).
> > >
> > > Of course, CONFIG_PACKET is enabled in kernel, so I'm not really
> > > sure what to do to get the program running. Do I need to add S_CAPS
> > > options?
> >
> > well, depends on what the tool is 'trying' to do ...
> > maybe it is opening a raw socket (or trying to do so)
> > at least the DHCP stuff seems to point into that direction
>
> Well, dnsmasq is a dhcp and dns server which is actually what I want
> it to do because names of all the machines that get ips and announce
> their names via dhcp are automatically put together (it's hard work to
> do this with bind and dhcp). The server will not be publicly
> accessible (lowered security is no problem) it's simply because I like
> debian and thought I could have a virtual debian on fedora (and it
> works well apart from this problem) where I could put all the
> uninteresting network services...
>
> > this would mean that it would require CAP_NET_RAW which
> > in turn would permit interface sniffing inside the guest
>
> I found that I needed to create a .conf for my server (there was none
> before this) and put the SCAPS variable in it. But nothing changed
> when booting the server. Where can I see that the options are actually
> recognized?

the .conf file is legacy stuff, don't use it for new guests
the capabilities go to the bcapabilities file in your guest
config tree (see Flower Page for details)

> > maybe the DHCP stuff can be deactivated via some config
> > option (for dnsmasqd)?
>
> Yes, it can. But that's not what I intended. Is it really a problem to
> run a dhcp inside a vserver?

no problem, if the sniffing isn't an issue ... so it's fine
in your case, just add the CAP_NET_RAW and probably the
CAP_NET_BROADCAST too, for dhcp, maybe you also need to
add the broadcast address to the assigned ips (depends on
how this dhcp works)

HTH,
Herbert

> Jens
>
> > best,
> > Herbert
> >
> > > Thanks in advance!
> > >
> > > Jens
> > >
> > > --
> > >
> --
> "Wars not make one great" - Master Yoda
> [EMAIL PROTECTED] - http://yodahome.de
> ICQ: 252623701
> watch http://littlevampire.yodahome.de
> the relaunch is coming on Halloween '05
>
> senseless wisdom of life -
> my geeky blog under http://yodahome.de/blog
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
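On the question of where to see that the capabilities are actually recognized, one check is to decode the CapEff bitmask in /proc/<pid>/status and test the two bits named in the reply. This is an added example, not part of the thread; the function names and the sample status lines are constructed for illustration, and it assumes a root shell inside the guest reflects the guest's capability set.

```shell
#!/bin/sh
# Added example (not from the thread): verify CAP_NET_RAW and
# CAP_NET_BROADCAST by decoding the CapEff bitmask of a process.
# Bit numbers are from <linux/capability.h>.
CAP_NET_BROADCAST=11
CAP_NET_RAW=13

# has_cap HEXMASK BIT: succeeds if BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# check_dhcp_caps: reads a /proc/<pid>/status file on stdin and prints "ok"
# or the missing capabilities. Returns 0, 1 (missing) or 2 (no CapEff line).
check_dhcp_caps() {
    mask=$(awk '$1 == "CapEff:" { print $2; exit }')
    if [ -z "$mask" ]; then
        echo "no CapEff line found"
        return 2
    fi
    missing=""
    has_cap "$mask" "$CAP_NET_RAW"       || missing="$missing CAP_NET_RAW"
    has_cap "$mask" "$CAP_NET_BROADCAST" || missing="$missing CAP_NET_BROADCAST"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample: a mask that has CAP_NET_RAW (0x2000) but not
# CAP_NET_BROADCAST (0x800), i.e. only one of the two was granted.
sample_status() {
    printf 'Name:\tdnsmasq\nCapInh:\t0000000000000000\nCapEff:\t00000000000025ff\n'
}

# Inside the guest the real input would be: check_dhcp_caps < /proc/self/status
sample_status | check_dhcp_caps || true
```

A guest that reports CAP_NET_RAW as present can open packet sockets, which is the sniffing exposure mentioned in the reply, so the same check is useful for auditing guests that should not have it.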
