# bind problem... [solved]

## poly_poly-man

So I did what I dread doing - I halted my server (not thinking, command-in-the-wrong-terminal.... splat.  :Sad:  ). I did this once before on my old server with 93 days uptime...

Anyway, this server, among other services, provides DNS for the network, using bind. I tried booting it up, and bind is dead.... it says "named: capset failed: Invalid argument: please ensure that the capset kernel mosule is loaded. see insmod( :Cool: ". Well, I don't have a capset of capabilities kernel module. 

CONFIG_SECURITY_CAPABILITIES is built into the kernel, CONFIG_SECURITY_FILE_CAPABILITIES is not enabled.

I tried emerging libcap, no luck.

How do I fix this?

poly-p man

----------

## SeaTiger

What is your bind USE flag, version? Also what kernel version?

Try emerge/update bind again. As current kernel >2.6.24(I think it is after .24, but could be earlier), it is no longer possible to compile kernel capability as module. So a bind update may fix the problem.

----------

## poly_poly-man

 *junksiu wrote:*   

> What is your bind USE flag, version? Also what kernel version?
> 
> Try emerge/update bind again. As current kernel >2.6.24(I think it is after .24, but could be earlier), it is no longer possible to compile kernel capability as module. So a bind update may fix the problem.

 

```
# emerge -pv bind

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R   ] net-dns/bind-9.4.2  USE="ssl threads -berkdb -dlz -doc -idn -ipv6 -ldap -mysql -odbc -postgres -resolvconf (-selinux) -urandom" 0 kB
```

I tried to rebuild bind - that was one of the first things I did try... didn't work  :Sad: 

poly-p man

----------

## SeaTiger

I hope the following will help:

My bind USE:

```
[I] net-dns/bind

     Installed versions:  9.4.2(06:41:31 PM 05/19/2008)(berkdb dlz idn ipv6 ldap mysql odbc resolvconf ssl threads -doc -postgres -selinux -urandom)
```

My kernel Security options page

```
 .config - Linux Kernel v2.6.26-rc2 Configuration

 ──────────────────────────────────────────────────────────────────────────────────────────────

  ┌─────────────────────────────────── Security options ────────────────────────────────────┐

  │  Arrow keys navigate the menu.  <Enter> selects submenus --->.  Highlighted letters are │  

  │  hotkeys.  Pressing <Y> includes, <N> excludes, <M> modularizes features.  Press        │  

  │  <Esc><Esc> to exit, <?> for Help, </> for Search.  Legend: [*] built-in  [ ] excluded  │  

  │  <M> module  < > module capable                                                         │  

  │ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │  

  │ │       -*- Enable access key retention support                                       │ │  

  │ │       [ ]   Enable the /proc/keys file by which keys may be viewed                  │ │  

  │ │       [*] Enable different security models                                          │ │  

  │ │       [*]   Socket and Networking Security Hooks                                    │ │  

  │ │       [*]     XFRM (IPSec) Networking Security Hooks                                │ │  

  │ │       [*]   Default Linux Capabilities                                              │ │  

  │ │       [*] File POSIX Capabilities (EXPERIMENTAL)                                    │ │  

  │ │       (0) Low address space to protect from user allocation                         │ │  

  │ │       [*] NSA SELinux Support                                                       │ │  

  │ │       [*]   NSA SELinux boot parameter                                              │ │  

  │ │       (0)     NSA SELinux boot parameter default value                              │ │  

  │ │       [*]   NSA SELinux runtime disable                                             │ │  

  │ │       [*]   NSA SELinux Development Support                                         │ │  

  │ │       [*]   NSA SELinux AVC Statistics                                              │ │  

  │ │       (1)   NSA SELinux checkreqprot default value                                  │ │  

  │ │       [ ]   NSA SELinux enable new secmark network controls by default              │ │  

  │ │       [ ]   NSA SELinux maximum supported policy format version                     │ │  

  │ │       [ ] Simplified Mandatory Access Control Kernel Support                        │ │  

  │ │                                                                                     │ │  

  │ └─────────────────────────────────────────────────────────────────────────────────────┘ │  

  ├─────────────────────────────────────────────────────────────────────────────────────────┤  

  │                            <Select>    < Exit >    < Help >                             │  

  └─────────────────────────────────────────────────────────────────────────────────────────┘  
```

----------

## poly_poly-man

made USE -threads... no more capabilities dependency.

poly-p man

----------

