From owner-freebsd-stable@FreeBSD.ORG Tue Jul 5 06:32:17 2005
Date: Tue, 5 Jul 2005 07:32:15 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Kövesdán Gábor
Cc: freebsd-stable@freebsd.org
Subject: Re: BIND vs. mac_portacl
Message-ID: <20050705063215.GA50936@walton.maths.tcd.ie>
In-Reply-To: <42C9B584.8040805@t-hosting.hu>
List-Id: Production branch of FreeBSD source code

On Tue, Jul 05, 2005 at 12:17:40AM +0200, Kövesdán Gábor wrote:
> The bind user has the uid 55. I've added a rule for it, as you can see,
> but it doesn't help. I get this error with the ruleset that can be seen
> above, and also without any rules. But apache works. It can change to
> the www user. Proftpd can change to the proftpd user. BIND is the only
> one that doesn't work. What's wrong?

The portrange stuff doesn't work for IPv6 sockets at the moment, and I
suspect that BIND is trying to bind to some IPv6 ports (or maybe to the
IPv6 wildcard port, which can cover the IPv4 addresses too).

I'm planning to fix the portrange stuff soon, but just haven't had time
yet - I'll try to get to it by the end of the week. If you don't actually
want to use IPv6, you could give explicit addresses to named using the
listen-on and query-source directives. Alternatively, a kernel without
IPv6 might work.

	David.
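As an added illustration (not code from this thread, nor FreeBSD's own mac_portacl implementation): a small model of the bind(2) decision David's reply describes, i.e. why a correct mac_portacl rule for uid 55 lets named bind port 53 on an IPv4 socket but not on an IPv6 one. The ruleset syntax and the sysctl names are those of mac_portacl(4); the ordering of the checks, the behaviour of the IPv6 branch after the reserved-port test, and the sample ruleset (bind as uid 55 comes from the thread, www as uid 80 is assumed) are assumptions made for the example.

```python
# Added example: a model of the bind(2) decision described in the reply.
# Rule syntax and sysctl names follow mac_portacl(4); the decision order
# and the IPv6 branch are assumptions, not FreeBSD's actual kernel code.

from dataclasses import dataclass
from typing import List, Sequence

IPPORT_RESERVED = 1024          # classic "ports below this need root" bound


@dataclass(frozen=True)
class Rule:
    idtype: str                 # "uid" or "gid"
    ident: int
    proto: str                  # "tcp" or "udp"
    port: int


def parse_rules(ruleset: str) -> List[Rule]:
    """Parse a security.mac.portacl.rules value such as
    "uid:55:tcp:53,uid:55:udp:53,uid:80:tcp:80"."""
    rules = []
    for entry in ruleset.split(","):
        entry = entry.strip()
        if not entry:
            continue
        parts = entry.split(":")
        if len(parts) != 4:
            raise ValueError(f"malformed rule {entry!r}")
        idtype, ident, proto, port = parts
        if idtype not in ("uid", "gid") or proto not in ("tcp", "udp"):
            raise ValueError(f"malformed rule {entry!r}")
        rules.append(Rule(idtype, int(ident), proto, int(port)))
    return rules


@dataclass
class Sysctls:
    """The knobs that matter, with the values a mac_portacl setup usually
    takes: net.inet.ip.portrange.reservedhigh zeroed so the kernel's own
    reserved-port check no longer fires for IPv4 sockets."""
    portacl_enabled: bool = True        # security.mac.portacl.enabled
    portacl_suser_exempt: bool = True   # security.mac.portacl.suser_exempt
    portacl_port_high: int = 1023       # security.mac.portacl.port_high
    reservedhigh: int = 0               # net.inet.ip.portrange.reservedhigh


def portacl_allows(rules: Sequence[Rule], uid: int, gids: Sequence[int],
                   proto: str, port: int, s: Sysctls) -> bool:
    """mac_portacl's verdict for one bind attempt."""
    if not s.portacl_enabled or port > s.portacl_port_high:
        return True                     # ports above port_high are not policed
    if s.portacl_suser_exempt and uid == 0:
        return True
    return any(
        r.proto == proto and r.port == port and
        ((r.idtype == "uid" and r.ident == uid) or
         (r.idtype == "gid" and r.ident in gids))
        for r in rules)


def bind_allowed(family: str, rules: Sequence[Rule], uid: int,
                 gids: Sequence[int], proto: str, port: int, s: Sysctls) -> bool:
    """Whether bind() to `port` succeeds for an unprivileged daemon.
    family is "inet" or "inet6", mirroring the net.inet / net.inet6 trees."""
    if family == "inet":
        # IPv4: the reserved-port check honours the portrange sysctls, so
        # with reservedhigh=0 only the MAC policy stands in the way.
        if port <= s.reservedhigh and uid != 0:
            return False
        return portacl_allows(rules, uid, gids, proto, port, s)
    if family == "inet6":
        # IPv6, as the reply describes it at the time: the portrange
        # sysctls are not consulted, so the fixed "below 1024 needs root"
        # check fires no matter what rules mac_portacl carries.
        if port < IPPORT_RESERVED and uid != 0:
            return False
        # Assumption: the MAC check still applies after that test.
        return portacl_allows(rules, uid, gids, proto, port, s)
    raise ValueError(f"unknown family {family!r}")


def demo() -> dict:
    """Constructed scenario: bind runs as uid 55 (from the thread); www as
    uid 80 is FreeBSD's conventional value and is assumed here."""
    rules = parse_rules("uid:55:tcp:53,uid:55:udp:53,uid:80:tcp:80")
    s = Sysctls()
    return {
        "named v4 udp/53":  bind_allowed("inet",  rules, 55, [55], "udp", 53, s),
        "named v6 udp/53":  bind_allowed("inet6", rules, 55, [55], "udp", 53, s),
        "apache v4 tcp/80": bind_allowed("inet",  rules, 80, [80], "tcp", 80, s),
        "named v4 tcp/80":  bind_allowed("inet",  rules, 55, [55], "tcp", 80, s),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label:18s} {'allowed' if ok else 'EACCES'}")
```

The model makes the reply's point concrete: the rule for uid 55 is honoured on the IPv4 path, and the same bind fails on the IPv6 path before the rule is ever consulted. That is why the workaround David suggests (explicit IPv4 addresses in named's listen-on and query-source, or a kernel without IPv6) sidesteps the problem rather than needing a different ruleset; it also explains why a daemon that binds only IPv4 sockets can appear to work while BIND does not.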