[vserver] bind and vserver, more info


From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Wed Feb 20 2002 - 15:49:14 EST


I have looked at bind. I found out why it is failing. When named starts, it tries
to reduce its own capabilities. Good. Unfortunately, it selects a very tiny
set of capabilities, but one too many. named tries to get CAP_SYS_RESOURCE
and by default, vservers do not have this capability.

If you put the following line in the vserver configuration file (/etc/vservers/xx.conf)

S_CAPS="CAP_SYS_RESOURCE"

then named starts up fine.

But this is annoying. CAP_SYS_RESOURCE allows a process to raise its "ulimit"
resources. Normally, a process can only reduce its limits. On most Linux
distros, root has unlimited resources. Ideally, a vserver should have some
rather high resources (but not unlimited) (number of file handles, memory, etc.)
and each process is allowed to reduce them further.

Given that named is normally run as root, and as such has plenty of resources, I can
only see the process reducing its resources.

Does anyone have experience with named and its way of handling resources?

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
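
Added example, not part of the original message or of the vserver or BIND code: a small C check of the rule the message relies on, that a process may always lower a hard resource limit but needs CAP_SYS_RESOURCE to raise it again. The helper names and the choice of RLIMIT_NOFILE are assumptions made for illustration; the capability is read from the `CapEff:` line of `/proc/self/status`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define CAP_SYS_RESOURCE_BIT 24 /* value of CAP_SYS_RESOURCE in <linux/capability.h> */

/* Return 1 if capability `cap` is set in `field` (e.g. "CapEff:") of a
 * /proc/<pid>/status text, 0 if it is clear, -1 if the field is missing. */
int cap_in_status(const char *status, const char *field, int cap)
{
    const char *p = strstr(status, field);
    if (!p) return -1;
    unsigned long long mask = strtoull(p + strlen(field), NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

/* In a child: lower the hard RLIMIT_NOFILE by one, then try to restore it.
 * Returns 0 if the raise was allowed, the errno if refused, -1 on setup failure. */
int try_raise_hard_nofile(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit old, lim;
        if (getrlimit(RLIMIT_NOFILE, &old) != 0 || old.rlim_max < 2) _exit(255);
        lim.rlim_max = old.rlim_max - 1;
        lim.rlim_cur = old.rlim_cur < lim.rlim_max ? old.rlim_cur : lim.rlim_max;
        if (setrlimit(RLIMIT_NOFILE, &lim) != 0) _exit(255); /* lowering needs no capability */
        lim.rlim_max = old.rlim_max;                         /* raising does */
        _exit(setrlimit(RLIMIT_NOFILE, &lim) == 0 ? 0 : errno);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/status", "r");
    if (f) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    printf("CAP_SYS_RESOURCE effective: %d\n", cap_in_status(buf, "CapEff:", CAP_SYS_RESOURCE_BIT));
    int r = try_raise_hard_nofile();
    printf("raise hard RLIMIT_NOFILE: %s\n", r == 0 ? "allowed" : r > 0 ? strerror(r) : "not tested");
    return 0;
}
```

Run inside a context without the capability, the second line is expected to report "Operation not permitted" while the lowering step still succeeds.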



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:01:01 EDT