Date: Sat, 29 Jan 2005 14:39:07 -0800 From: Andrew Clark <andrew.clark@ucsb.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/76834: chrooted ISC dhcpd cannot resolve DNS names or include configs Message-ID: <E1Cv1FD-000E3R-RQ@oit.ucsb.edu> Resent-Message-ID: <200501292240.j0TMeGgR028761@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 76834
>Category: ports
>Synopsis: chrooted ISC dhcpd cannot resolve DNS names or include configs
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 29 22:40:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Andrew Clark
>Release: FreeBSD 4.10-STABLE i386
>Organization:
University of California, Santa Barbara
>Environment:
System: FreeBSD oit.ucsb.edu 4.10-STABLE FreeBSD 4.10-STABLE #0: Wed Sep 22 05:43:45 PDT 2004 root@oit.ucsb.edu:/usr/obj/usr/src/sys/OIT i386
isc-dhcp3-server-3.0.1.r14_6
>Description:
This is really two problem reports in one, but both for chrooted behavior.
If running ISC dhcpd in a chroot, you cannot use hostnames in allocations.
ISC dhcpd running in a chroot needs access to a few files from /etc in order to
resolve host names from DNS. Neither the port nor the rc script makes those
files available. You also cannot use a configuration which is separated into
different files.
>How-To-Repeat:
Install port, insert configuration for a host like so:
host foo {
hardware ethernet FIXME;
fixed-address host.domain;
}
Insert line to include file in dhcpd.conf, attempt to run dhcpd in chroot and
note that file is not present in the chroot to be included.
>Fix:
Copy those files from /etc to chroot /etc.
I believe the files needed are as follows:
/etc/
host.conf
hosts
localtime
resolv.conf
Here's two patches to the isc-dhcpd.sh rc script. The first copies the above
files to the chroot at startup. An rc variable could control this behavior.
--- isc-dhcpd.sh.orig Sat Jan 29 14:19:55 2005
+++ isc-dhcpd.sh.ns Sat Jan 29 14:35:01 2005
@@ -450,6 +450,14 @@
safe_copy ${dhcpd_devdir} ${_dhcpd_devdir}
fi
safe_copy ${dhcpd_conffile} ${_dhcpd_conffile}
+
+ # copy files out of /etc for name resolution
+ # host.conf hosts localtime resolv.conf
+ safe_mkdir ${_dhcpd_rootdir}/etc
+ safe_copy /etc/host.conf ${_dhcpd_rootdir}/etc/host.conf
+ safe_copy /etc/hosts ${_dhcpd_rootdir}/etc/hosts
+ safe_copy /etc/localtime ${_dhcpd_rootdir}/etc/localtime
+ safe_copy /etc/resolv.conf ${_dhcpd_rootdir}/etc/resolv.conf
fi
}
The second allows definition of a directory to copy to the chroot at startup,
generally for purposes of included configuration files. This adds a new
rc.conf variable, (I named it 'dhcpd_include_dir'), used like so:
dhcpd_include_dir="/usr/local/etc/dhcp/includes" # dhcpd.conf includes
--- isc-dhcpd.sh.orig Sat Jan 29 14:19:55 2005
+++ isc-dhcpd.sh.inc Sat Jan 29 14:36:08 2005
@@ -37,6 +37,9 @@
dhcpd_hostname=${dhcpd_hostname:-} # jail hostname
dhcpd_ipaddress=${dhcpd_ipaddress:-} # jail ip address
+dhcpd_include_dir=${dhcpd_include_dir:-} # directory to be copied to chroot
+ # useful for included config files
+
safe_run () # rc command [args...]
{
local _rc
@@ -409,6 +412,7 @@
_dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile}
_dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile}
_dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile}
+ _dhcpd_include_dir=${dhcpd_rootdir}${dhcpd_include_dir}
}
setup_compat ()
@@ -450,6 +454,12 @@
safe_copy ${dhcpd_devdir} ${_dhcpd_devdir}
fi
safe_copy ${dhcpd_conffile} ${_dhcpd_conffile}
+
+ # copy dhcpd_include_dir if defined
+ if [ -d "${dhcpd_include_dir}" ]; then
+ safe_mkdir ${_dhcpd_include_dir}
+ safe_copy ${dhcpd_include_dir} ${_dhcpd_include_dir}
+ fi
fi
}
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Cv1FD-000E3R-RQ>