DHCP Server 4.2.3-P2 with failover and -chroot

Niall O'Reilly Niall.oReilly at ucd.ie
Thu Mar 29 07:47:17 UTC 2012


	Thanks for the hints, Glenn.

On 29 Mar 2012, at 01:11, Glenn Satchell wrote:

> In the jail you'll need etc/nsswitch.conf, plus any libraries and files to
> implement the hosts resolution methods you specify there. e.g. if you use
> files then you'll need etc/hosts; if you use dns then you'll need
> etc/resolv.conf plus the appropriate libraries (probably something like
> lib/libnss*). A lot of this depends on when the chroot() function is
> called - it can be done early (before files and sockets are opened) or
> late (after all the required files and sockets are open).

	It seems to be not late enough. 8-)

	Years of routine use of chroot with 3.1.0 and earlier didn't
	prepare me for the additional requirements which have arisen 
	with the combination of failover and 4.2.3.

> This varies a bit by distro, and I haven't done this on RedHat. Some
> systems have a script or man page for setting up anonymous ftp, which also
> uses a chroot jail. A similar setup applies here so those documents may
> help.

	My current sufficient solution is to use 'mount --bind'
	to provide instances of /etc, /dev, and /lib64 within
	the jail.

	Trimming this back to what is strictly necessary is
	another day's work (at least).

	/Niall
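
As an added example (not part of the original thread), one way to work toward trimming the bind mounts down is to derive the resolver files the jail needs from the hosts: line of nsswitch.conf and report which are absent. The function names are hypothetical, and the glibc libnss_<method>.so.2 module naming and the lib64 directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Print the jail-relative files needed for the "hosts:" methods in an
# nsswitch.conf. Assumes glibc's libnss_<method>.so.2 module naming and a
# lib64 library directory (override with $2).
jail_resolver_files() {
    libdir=${2:-lib64}
    echo "etc/nsswitch.conf"
    # Strip comments and [STATUS=action] items, keep only the hosts: methods.
    methods=$(sed -n -e 's/#.*//' -e 's/\[[^]]*]//g' \
                     -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1")
    for method in $methods; do
        case $method in
            files) echo "etc/hosts" ;;
            dns)   echo "etc/resolv.conf" ;;
        esac
        echo "$libdir/libnss_${method}.so.2"
    done
}

# Print which of those files are absent from the jail rooted at $1.
jail_missing() {
    jail=$1
    conf=$jail/etc/nsswitch.conf
    if [ ! -f "$conf" ]; then
        echo "etc/nsswitch.conf"
        return 0
    fi
    jail_resolver_files "$conf" "${2:-lib64}" | while read -r f; do
        [ -e "$jail/$f" ] || echo "$f"
    done
}

# Constructed demo: a throwaway jail that resolves via files and dns but
# contains only the "files" half.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/lib64"
printf 'hosts: files dns\n' > "$demo/etc/nsswitch.conf"
: > "$demo/etc/hosts"
: > "$demo/lib64/libnss_files.so.2"
jail_missing "$demo"
rm -rf "$demo"
```

The list covers only the NSS modules and their configuration files; shared libraries those modules themselves depend on still have to be checked separately.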



More information about the dhcp-users mailing list