Date: Thu, 09 Dec 2004 17:36:06 -0800
From: "Andrew D. Clark"
To: freebsd-questions@freebsd.org
Message-ID: <03A7E69723C92CF418FACA2F@modulus.oit.ucsb.edu>
Subject: Re: isc-dhcp3-server chroot behavior

Here's a patch to the isc-dhcpd.sh script in /usr/local/etc/rc.d that handles copying a few files out of /etc into the chroot for name resolution and also handles copying a directory of configs to be included (handy if you want to modularize the config):

--- isc-dhcpd.sh.orig Fri Dec 3 14:21:50 2004 +++ isc-dhcpd.sh Fri Dec 3 15:39:03 2004 
@@ -11,6 +11,19 @@ # dhcpd_enable="YES" # +# ADC - I've made a few changes to this file. +# +# In order for name resolution to work (necessary if you want to use DNS +# names in the config (e.g. fixed-address somehost instead of some IP) +# copy the following out of /etc: host.conf hosts localtime resolv.conf +# +# define a directory containing included config files and copy those +# to the chroot too. Otherwise, the real included configs must live in +# the chroot. This is confusing compared to the behavior of dhcpd.conf, +# which is copied from /usr/local/etc/dhcpd.conf to the chroot at startup +# and the chrooted copy should not be edited (since changes are lost at +# startup) + . /usr/local/etc/rc.subr name=dhcpd @@ -37,6 +50,10 @@ dhcpd_hostname=${dhcpd_hostname:-} # jail hostname dhcpd_ipaddress=${dhcpd_ipaddress:-} # jail ip address +# added by ADC +dhcpd_include_dir=${dhcpd_include_dir:-} # directory containing included + # config files + safe_run () # rc command [args...] { local _rc @@ -409,6 +426,10 @@ _dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile} _dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile} _dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile} + + # + # added by ADC + _dhcpd_include_dir=${dhcpd_rootdir}${dhcpd_include_dir} } setup_compat () 
@@ -450,6 +471,22 @@ safe_copy ${dhcpd_devdir} ${_dhcpd_devdir} fi safe_copy ${dhcpd_conffile} ${_dhcpd_conffile} + + # + # added by ADC - copy files out of /etc for name resolution + # host.conf hosts localtime resolv.conf + safe_mkdir ${_dhcpd_rootdir}/etc + safe_copy /etc/host.conf ${_dhcpd_rootdir}/etc/host.conf + safe_copy /etc/hosts ${_dhcpd_rootdir}/etc/hosts + safe_copy /etc/localtime ${_dhcpd_rootdir}/etc/localtime + safe_copy /etc/resolv.conf ${_dhcpd_rootdir}/etc/resolv.conf + + # + # added by ADC - copy dhcpd_include_dir if defined + if [ -d "${dhcpd_include_dir}" ]; then + safe_mkdir ${_dhcpd_include_dir} + safe_copy ${dhcpd_include_dir} ${_dhcpd_include_dir} + fi fi }

--On Friday, December 03, 2004 02:38:41 PM -0800 "Andrew D. Clark" wrote:

> Hello,
>
> I'm using the chrooted isc-dhcp3-server and I'd like the startup
> script to do a few extra things which it does not. In order for name
> resolution to work for a chrooted dhcp server, the following files
> must be in /etc in the chroot:
>
> host.conf hosts localtime resolv.conf
>
> The startup script doesn't handle copying those into the chroot,
> though I think it should. Name resolution is handy if one wants to
> do something like:
>
> host somehost {
>     hardware ethernet blahblah;
>     fixed-address somehost.somedomain;
> }
>
> instead of using an IP address as the parameter for the fixed-address
> argument.
>
> I'd also like to add a feature to the rc script whereby one can
> define a directory containing configs to be included in the
> dhcpd.conf to also be copied to the chroot. A large configuration
> file is often easier to handle if it is broken up into smaller files
> which are included into the dhcpd.conf. If these included files
> lived only in the chroot, they'd have to be edited there, which would
> be confusing compared to the behavior of the dhcpd.conf in the
> chroot, which is copied from /usr/local/etc/dhcpd.conf at startup.
>
> I'm running isc-dhcp3-server-3.0.1.r14_6
> I'll happily submit a patch against the current rc script which
> implements these features if desired.
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark@ucsb.edu (805) 893-5311

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark@ucsb.edu (805) 893-5311
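
Review bot: The header comment added in the first hunk (@@ -11,6 +11,19 @@) describes the include-directory feature but never names the rc.conf variable that turns it on, dhcpd_include_dir, even though the same header documents knobs such as dhcpd_enable="YES". Suggest listing dhcpd_include_dir next to dhcpd_enable and stating that it is a directory outside the chroot that is copied in at startup, so edits made to the chrooted copy are lost in the same way as for dhcpd.conf. The parenthesis opened at "(necessary if you want to use DNS" is also never closed.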
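
Review bot: In the third hunk (@@ -409,6 +426,10 @@), _dhcpd_include_dir=${dhcpd_rootdir}${dhcpd_include_dir} evaluates to the chroot root itself whenever dhcpd_include_dir is left at the empty default set in the previous hunk. Nothing acts on it in that state today, because the last hunk tests -d "${dhcpd_include_dir}" first, but assigning the underscore variable only when dhcpd_include_dir is non-empty would keep any later mkdir, copy or cleanup step from operating on the whole chroot. The plain concatenation also assumes dhcpd_include_dir is an absolute path, which is worth stating where the variable is defined.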
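
Review bot: The /etc copies in the last hunk (@@ -450,6 +471,22 @@) target ${_dhcpd_rootdir}/etc, but no visible hunk assigns _dhcpd_rootdir, while the other chroot paths are built from ${dhcpd_rootdir} (for example _dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile}). Please confirm the underscore variable is set elsewhere in the script, since an empty value would make each safe_copy write an /etc file onto itself on the host instead of into the chroot. The four copies are also unconditional, so a system without /etc/host.conf gets whatever safe_copy does on a missing source; a [ -f ] test per file would avoid that. The arguments to safe_mkdir and safe_copy are unquoted although the -d test just above quotes "${dhcpd_include_dir}", and quoting them consistently would keep a path containing spaces from being split.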