chrooting bind

Kevin Darcy kcd at daimlerchrysler.com
Tue Aug 14 20:05:20 UTC 2001


Why are you using /usr/sbin/chroot to chroot named instead of named's built-in chroot mechanism (-t)?
The way you're doing it, you need to populate the chroot jail with all sorts of crap. The lack of
some library or device node or whatever is probably what is causing the startup to fail.


- Kevin

Christopher L. Barnard wrote:

> I am chrooting bind (9.1.3), and I am using an actual chroot rather than just
> starting it with the -t option.  This is a Solaris 7 box, if it matters.
>
> I think everything is set up; $jail/etc, $jail/dev, $jail/usr, etc. are all
> set up.  I have the config file logging to a file (not syslog) within the
> jail.
>
> Upon startup (/usr/sbin/chroot /opt/named.jail /usr/local/sbin/named -u named)
> it appears to work fine according to the logs:
>
> /var/adm/messages
> Aug 14 11:30:51 srvns2 /usr/local/sbin/named[8333]: starting BIND 9.1.3 -u named
> Aug 14 11:30:51 srvns2 /usr/local/sbin/named[8333]: command channel listening on 164.74.31.202#953
>
> and /opt/named.jail/var/log/named.log
> Aug 14 11:30:53.083 general: info: running
>
> However, named dies immediately.  A grep of the process table for named shows
> that it is not running, and nothing is transferred from the primary, even if I
> delete all the zone files.
>
> Reverting back to a non-chrooted environment, but otherwise the same setup (in
> particular the non-root user) works fine.
>
> Can anyone suggest what else to try?
>
> Christopher
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard         O     When I was a boy I was told that |
> | cbarnard at tsg.cbot.com         / \    anybody could become president.  |
> | (312) 347-4901               O---O   Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
> +----------PGP public key available via finger or PGP keyserver---------+
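As an added illustration of Kevin's point (this script is not part of the thread and not BIND's own tooling): when named is started under an external chroot, every shared library, device node and config file it touches has to exist inside the jail, and a missing one typically shows up exactly as described above, a clean "running" log line followed by a silent exit. The helper below checks a jail directory for a list of required paths and, where `ldd` is available, for the libraries a given binary links against. The jail path `/opt/named.jail` comes from the original post; the required-file list, the function names and the throw-away jail built at the bottom are assumptions for demonstration and will differ per platform.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: pre-flight checks for a
# named chroot jail. The two launch styles from the thread, for reference:
#   external chroot (jail must be fully populated):
#     /usr/sbin/chroot /opt/named.jail /usr/local/sbin/named -u named
#   named's built-in chroot (named loads libraries, then chroots itself):
#     /usr/local/sbin/named -t /opt/named.jail -u named

# jail_check JAIL [REL_PATH...]
# Prints one "missing: <path>" line per required path absent from JAIL.
# Returns 0 when the jail is complete, 1 otherwise.
jail_check() {
    jail=$1; shift
    missing=0
    for rel in "$@"; do
        if [ ! -e "$jail/$rel" ]; then
            echo "missing: $jail/$rel"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# jail_libs BINARY
# Prints the absolute paths of shared objects BINARY links against, as
# reported by ldd (works with both the Solaris and GNU output layouts by
# keeping every field that starts with "/"). Prints nothing without ldd.
jail_libs() {
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# jail_lib_check BINARY JAIL
# Verifies that every library BINARY needs is present under JAIL.
jail_lib_check() {
    bin=$1; jail=$2
    rels=$(jail_libs "$bin" | sed 's#^/##')
    # shellcheck disable=SC2086  (word-splitting on newlines is intended)
    jail_check "$jail" $rels
}

# Demonstration on a constructed, deliberately incomplete jail (assumed
# layout; a real named jail on Solaris 7 needs more than this). The list of
# required paths is an illustrative assumption, not an authoritative set.
demo_jail=$(mktemp -d)
mkdir -p "$demo_jail/etc" "$demo_jail/dev" "$demo_jail/var/log"
: > "$demo_jail/etc/named.conf"
# Assumed requirement list for the demo: config, a device node, a log dir.
if jail_check "$demo_jail" etc/named.conf dev/null var/log; then
    echo "jail looks complete"
else
    echo "jail is incomplete; populate the paths above or start named with -t"
fi
rm -rf "$demo_jail"
```

Run it against the real jail with `jail_check /opt/named.jail etc/named.conf dev/null` and `jail_lib_check /usr/local/sbin/named /opt/named.jail`; any `missing:` line is a candidate cause for the silent exit. With `-t`, the library check becomes moot because named resolves its shared objects before it calls chroot(2), which is the reason the built-in mechanism needs a far smaller jail.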