Setting up chroot on Solaris 9 with BIND 9 -t switch

Sten Carlsen ccc2716 at vip.cybercity.dk
Thu Jan 6 00:26:30 UTC 2005



You could have two different sets of information in the configs in the 
jail and outside. You could then query for this special info to see 
which set of the two it uses. As I understand it, it must use the one 
in the jail if it works.

Bill Larson wrote:

>On Jan 5, 2005, at 11:20 AM, kaiser_cernino at hotmail.com wrote:
>  
>
>>I was doing a jail for my DNS server (named), but I have 1 big problem:
>>my jail doesn't function.
>>I read a lot of papers about this, but ever when I can access with my
>>named user to the jail, this user can see the wide system, in other
>>words doesn't see the jail.
>>
>>PLZZZZZZZZZZZ!
>>I need a procedure for how I can do a jail using Solaris 9, and how I can
>>test that this jail does its job.
>>
>>The service without the jail is perfect.
>>I am using:
>>SOLARIS 9
>>BIND 9.3 downloaded from www.blastwave.org
>>
>>To consider:
>>To test the jail, I set a bash shell for the user assigned to the named jail.
>>
>>
>
>Take a look at the "Secure BIND Template" at 
>http://www.cymru.com/Documents/secure-bind-template.html.  There is a 
>section about configuring a chroot environment for Solaris.
>
>Please note that the only way to test a chroot environment for BIND is 
>to break out of the BIND application itself over port 53.  There is no 
>way to "log into the system as the chroot user" through the named 
>process.  Basically, you will have to trust that the chroot environment 
>functions properly.  It will if you have set up the chroot directory 
>structure and are running "named" with the "-t" option.
>
>Bill Larson
>

-- 
Best regards

Sten Carlsen

Let HIM who has an empty INBOX send the first mail.
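
The check suggested at the top of this message, sketched as an added example that is not part of the original post: a marker zone with a different TXT record is written into the jail tree and the normal tree, and the answer from the running server shows which tree it loaded. The zone name `canary.test`, the `var/named` directory, the `/var/named-jail` path and the marker strings are constructed assumptions, and the zone must be declared in both copies of named.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Zone name, paths and marker strings
# are constructed assumptions; adjust them to the real layout.
CANARY_ZONE="canary.test"        # reserved .test TLD, never resolves publicly
ZONE_SUBDIR="var/named"          # assumed zone directory under each root

# Write a tiny marker zone under ROOT whose TXT record says which tree it is.
write_canary_zone() {            # usage: write_canary_zone ROOT MARKER
    root=$1; marker=$2
    mkdir -p "$root/$ZONE_SUBDIR" || return 1
    cat > "$root/$ZONE_SUBDIR/$CANARY_ZONE.zone" <<EOF
\$TTL 60
@      IN SOA ns.$CANARY_ZONE. hostmaster.$CANARY_ZONE. ( 1 3600 600 86400 60 )
       IN NS  ns.$CANARY_ZONE.
ns     IN A   127.0.0.1
where  IN TXT "$marker"
EOF
}

# Map the output of `dig +short TXT` to a verdict.
classify_answer() {              # usage: classify_answer "ANSWER"
    case $1 in
        *inside-jail*)  echo jail ;;
        *outside-jail*) echo outside ;;
        "")             echo no-answer ;;
        *)              echo unexpected ;;
    esac
}

# Ask the running server and report which tree it loaded the zone from.
check_named() {                  # usage: check_named [SERVER_IP]
    answer=$(dig @"${1:-127.0.0.1}" +short TXT "where.$CANARY_ZONE") || return 2
    verdict=$(classify_answer "$answer")
    echo "named answered from: $verdict"
    [ "$verdict" = jail ]
}

# Typical run (as root), then restart named with -t and call check_named:
#   write_canary_zone /var/named-jail inside-jail
#   write_canary_zone ""              outside-jail
```

`check_named` returns success only when the TXT answer carries the jail marker, so it can be run after each restart of named.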



