DHCP Server 4.2.3-P2 with failover and -chroot
Niall O'Reilly
Niall.oReilly at ucd.ie
Thu Mar 29 07:47:17 UTC 2012
Thanks for the hints, Glenn.
On 29 Mar 2012, at 01:11, Glenn Satchell wrote:
> In the jail you'll need etc/nsswitch.conf, plus any libraries and files to
> implement the hosts resolution methods you specify there. e.g. if you use
> files then you'll need etc/hosts; if you use dns then you'll need
> etc/resolv.conf plus the appropriate libraries (probably something like
> lib/libnss*). A lot of this depends on when the chroot() function is
> called - it can be done early (before files and sockets are opened) or
> late (after all the required files and sockets are open).
It seems to be not late enough. 8-)
Years of routine use of chroot with 3.1.0 and earlier didn't
prepare me for the additional requirements which have arisen
with the combination of failover and 4.2.3.
> This varies a bit by distro, and I haven't done this on RedHat. Some
> systems have a script or man page for setting up anonymous ftp, which also
> uses a chroot jail. A similar setup applies here so those documents may
> help.
My current sufficient solution is to use 'mount --bind'
to provide instances of /etc, /dev, and /lib64 within
the jail.
Trimming this back to what is strictly necessary is
another day's work (at least).
/Niall
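
An added example, not part of the original message or of ISC DHCP: a shell check that reads the jail's etc/nsswitch.conf and lists which of the host-resolution files named in the quoted advice are absent, which can help when trimming bind mounts back to what is needed. It assumes glibc-style NSS with one libnss_<method>.so* module per method; the function names and the library directories searched are hypothetical choices.

```shell
#!/bin/sh
# Added example: audit a chroot jail for host-resolution prerequisites.
# Assumes glibc-style NSS: one libnss_<method>.so* module per lookup method.

jail_hosts_methods() {
    # Print the methods on the "hosts:" line of <jail>/etc/nsswitch.conf,
    # one per line, ignoring comments and [STATUS=action] items.
    sed -n -e 's/#.*//' -e 's/\[[^]]*\]//g' \
        -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1/etc/nsswitch.conf" |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

check_jail() {
    # Print "MISSING <item>" for each absent file; return 1 if any is missing.
    jail=$1
    missing=0
    if [ ! -r "$jail/etc/nsswitch.conf" ]; then
        echo "MISSING etc/nsswitch.conf"
        return 1
    fi
    for method in $(jail_hosts_methods "$jail"); do
        found=0
        # Library directories searched here are an assumption.
        for dir in lib lib64 usr/lib usr/lib64; do
            for f in "$jail/$dir"/libnss_"$method".so*; do
                if [ -e "$f" ]; then found=1; fi
            done
        done
        if [ "$found" -eq 0 ]; then
            echo "MISSING libnss_$method.so*"
            missing=1
        fi
        # Data file each method reads, per the advice quoted above.
        case $method in
            files) need=etc/hosts ;;
            dns)   need=etc/resolv.conf ;;
            *)     need= ;;
        esac
        if [ -n "$need" ] && [ ! -e "$jail/$need" ]; then
            echo "MISSING $need"
            missing=1
        fi
    done
    return "$missing"
}

# Run against a jail directory given on the command line, if any.
if [ "$#" -gt 0 ]; then check_jail "$1"; fi
```

Pass the jail root as the only argument; an empty result with exit status 0 means every method on the hosts line has its module and data file inside the jail.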