From owner-freebsd-stable Mon Dec 3 13:13:37 2001
Date: Mon, 3 Dec 2001 13:13:16 -0800
From: Gabriel Rocha
To: freebsd-stable@FreeBSD.org
Subject: Handbook addition suggestion
Message-ID: <20011203131316.B4133@neutraldomain.org>

After laboring for a little while to get named running properly under a chroot I came up with the following sequence, which is a slight deviation from the handbook's "Chroot howto." Granted, you don't need the two libs for named to run in the chroot, but named-xfer would be nice to have and it dies with a signal 6 if ld-elf.so.1 is not where it wants it to be. The problem goes away entirely if you compile things statically, but I always figured the handbook was for newbies as much as for non-newbies to use for reference. Also, the mention of the very few files needed for the chroot to work would be nice, namely /dev/null and /dev/random. Following is my (perhaps overly detailed sometimes) step-by-step guide for a working named chroot. --Gabe

PS- I don't mean for the whole thing to be added to the handbook, perhaps just the devices that really need to be there and a reference to shared libs. Although adding this to /usr/share/examples/bind (it doesn't exist yet) would prove useful for newbies and non-newbies to come.

# directory tree for the chroot
mkdir -p /etc/namedb/sandbox/etc/namedb/master
mkdir /etc/namedb/sandbox/etc/namedb/slave
mkdir -p /etc/namedb/sandbox/usr/libexec
mkdir /etc/namedb/sandbox/usr/lib
mkdir -p /etc/namedb/sandbox/var/run
mkdir /etc/namedb/sandbox/dev

# device nodes needed inside the chroot
cd /etc/namedb/sandbox/dev
mknod null c 2 2
mknod random c 2 3

# configuration and zone files
cd /etc/namedb/sandbox/etc
cp /etc/localtime .
cd /etc/namedb/sandbox/etc/namedb
cp /etc/namedb/named.root .
cp /etc/namedb/named.conf .
cd /etc/namedb/sandbox/etc/namedb/master
cp /etc/namedb/localhost.rev .

# shared libs and runtime linker for named-xfer
cd /etc/namedb/sandbox/usr/lib
cp /usr/lib/libc.so.4 .
cd /etc/namedb/sandbox/usr/libexec
cp /usr/libexec/ld-elf.so.1 .
cp /usr/libexec/named-xfer .

lorax# cat /etc/namedb/sandbox/etc/namedb/named.conf
options {
        directory "/etc/namedb";
        listen-on { 192.168.0.1; };
        version "foo";
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "master/localhost.rev";
};

lorax# cat /etc/rc.conf
syslogd_enable="YES"
syslogd_flags="-s -l /etc/namedb/sandbox/var/run/log"
named_enable="YES"
named_program="named"
named_flags="-u bind -g bind -t /etc/namedb/sandbox /etc/namedb/named.conf"
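
Added example, not part of the original message: a POSIX sh function that audits a chroot tree against the files, directories and device nodes listed in the procedure above, so a misspelled directory or a missing ld-elf.so.1 is caught before named is started. The function name check_named_chroot is hypothetical; the paths checked are the ones given in the message.

```shell
#!/bin/sh
# Added example (assumption: same layout as the message; function name is hypothetical).
# check_named_chroot ROOT prints one line per problem and returns non-zero if any.
check_named_chroot() {
    root=${1:-/etc/namedb/sandbox}   # default is the sandbox path used in the message
    rc=0

    # Device nodes must be real character devices, not symlinks or plain files:
    # a symlink to the host's /dev would not resolve once named has chrooted.
    for dev in dev/null dev/random; do
        if [ -L "$root/$dev" ] || [ ! -c "$root/$dev" ]; then
            echo "not a character device: $dev"
            rc=1
        fi
    done

    # Files the procedure copies in, including the two libs named-xfer needs.
    for f in etc/localtime \
             etc/namedb/named.conf \
             etc/namedb/named.root \
             etc/namedb/master/localhost.rev \
             usr/lib/libc.so.4 \
             usr/libexec/ld-elf.so.1 \
             usr/libexec/named-xfer; do
        if [ ! -f "$root/$f" ]; then
            echo "missing file: $f"
            rc=1
        fi
    done

    # Directories that must exist: slave zone files, and var/run, where
    # rc.conf in the message places the extra syslogd log socket.
    for d in etc/namedb/slave var/run; do
        if [ ! -d "$root/$d" ]; then
            echo "missing directory: $d"
            rc=1
        fi
    done

    # named-xfer is executed from inside the chroot, so it must keep its exec bit.
    if [ -f "$root/usr/libexec/named-xfer" ] && [ ! -x "$root/usr/libexec/named-xfer" ]; then
        echo "not executable: usr/libexec/named-xfer"
        rc=1
    fi
    return $rc
}
```

Run it as `check_named_chroot /etc/namedb/sandbox` after the copy steps; no output and exit status 0 mean every item from the list is in place.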