Hi!
I removed CAP_NET_ADMIN and it doesn't work then.
Here is a part of the strace with CAP_NET_ADMIN disabled.
# strace /usr/sbin/pure-ftpd-mysql:
capset(0x19980330, 0, {CAP_CHOWN|CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_NET_ADMIN|CAP_SYS_CHROOT|CAP_SYS_NICE, CAP_CHOWN|CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_NET_ADMIN|CAP_SYS_CHROOT|CAP_SYS_NICE, }) = -1 EPERM (Operation not permitted)
rt_sigprocmask(SIG_BLOCK, ~[RTMIN], [], 8) = 0
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
write(1, "421 Unable to switch capabilitie"..., 61421 Unable to switch capabilities : Operation not permitted
) = 61
Christoph
OpenVZ Forum
Members
Search
Help
Register
Login
Home
