Support of WKS records under chroot

Karatas Ozgur mueddib at yandex.com
Mon Nov 14 15:05:41 UTC 2016


Dear Mensik;

I wish you the best of success, thanks for the patch! I think your patch uses place to chroot directory. Usually all patches are applied to chroot's directory.
For example:

/chroot-directory
+ named
+ dev
+ etc
+ var

Regards,

--
Ozgur Karatas

14.11.2016, 16:27, "Petr Mensik" <pemensik at redhat.com>:
> Hi everyone!
>
> I am a new maintainer of bind package under Fedora, I hope I will contribute with more valuable code later. But simple things first.
> Current BIND will not load WKS records in zones when running under chroot. named-checkzone will fail checking zone files containing WKS record. It will prevent bind from starting in chroot at all in default configuration.
>
> It is possible to load them, if I copy /lib{,64}/libnss_files.so.* and /etc/services and /etc/protocols. Also /etc/nsswitch.conf if default configuration is not good enough.
>
> I have found a simple workaround - to use getservbyname and/or getprotobyname calls before calling chroot call. It forces glibc library of Linux to load /lib/libnss_files.so dynamically before it loses access to that file. An advantage is it should support any NSS library that does not need to open unix domain socket later. Of course I still have to make /etc/services and /etc/protocols accessible in chroot (or their *.db variants if db backend is used). But I do not have to make accessible executable code and that is what I want.
>
> I am satisfied with that solution. I am not sure, whether the place I have chosen is the best for it.
> Do you know better place than my patch uses? Or another simple way to make WKS records parseable under chroot?
>
> Cheers,
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com PGP: 65C6C973
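
The workaround described in the quoted message, sketched as an added C example; it is not the patch under discussion and not BIND code. The function names and the default jail path are hypothetical; the lookups are issued only for their side effect of making glibc load its NSS backend while the real root is still visible.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <netdb.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Probe the services and protocols databases once before chroot().
 * The answers do not matter: the calls make glibc dlopen() the NSS
 * module (e.g. libnss_files.so) so no shared object has to be copied
 * into the jail. Returns how many of the two probes resolved (0..2). */
int nss_preload(void)
{
    int hits = 0;
    if (getservbyname("domain", "udp") != NULL)
        hits++;
    if (getprotobyname("tcp") != NULL)
        hits++;
    return hits;
}

/* chroot() and then chdir("/") so the working directory cannot refer
 * to anything outside the jail. Returns 0 on success, -1 on failure. */
int enter_chroot(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    return chdir("/") != 0 ? -1 : 0;
}

/* Resolve a WKS service mnemonic to a host-order port, or -1 when the
 * name cannot be resolved (for example, no /etc/services in the jail). */
int wks_service_port(const char *name, const char *proto)
{
    struct servent *se = getservbyname(name, proto);
    return se ? (int)ntohs((uint16_t)se->s_port) : -1;
}

int main(int argc, char **argv)
{
    /* Hypothetical jail path; pass the real one as argv[1]. */
    const char *jail = argc > 1 ? argv[1] : "/var/named/chroot";
    printf("preload resolved %d of 2 probes\n", nss_preload());
    if (enter_chroot(jail) != 0) {
        perror("chroot");
        return 1;
    }
    printf("smtp/tcp inside jail -> %d\n", wks_service_port("smtp", "tcp"));
    return 0;
}
```

Run as root against a jail that contains /etc/services and /etc/protocols but no libnss_files.so: the final lookup resolves only because the module was loaded before the chroot.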

