bind9 / chroot
Y. Makki
bugzilla at sympatico.ca
Mon Jan 26 19:54:08 UTC 2004
It seems very simple so far (the chrooting part at least). I guess
similar knowledge could be applied to running httpd in a chroot too.
Thanks for your informative replies everyone :)
On Mon, 2004-01-26 at 13:50, Bevan C. Bennett wrote:
> Y. Makki wrote:
> > So I assume configuration files go in /var/named/chroot too. How would
> > you actually run bind then, just via the regular init.d script? It is
> > preconfigured and knows it has to run in a chroot?
>
> Everything (including config files) needs to be under /var/named/chroot,
> because once the chroot takes hold, that's all that the named will be
> able to see. Installing the named-chroot package takes care of creating
> the extra stuff in /var/named/chroot/bin and /var/named/chroot/lib that
> you'll need (the trickiest part to using chroot is making sure you have
> local copies of the correct libraries and binaries).
>
> The setting
> ROOTDIR=/var/named/chroot
> in /etc/sysconfig/named is where you'd enable named to run in chroot
> mode. This is picked up by the following code in /etc/init.d/named (You
> can learn a lot by studying the startup scripts in /etc/init.d):
>
> if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
>     OPTIONS="${OPTIONS} -t ${ROOTDIR}"
> fi
> daemon /usr/sbin/named -u named ${OPTIONS}
>
> So named gets run with "-t /var/named/chroot", which 'man named' will
> verify informs named to chroot itself.
>
> The only caveat is that you should specify the paths to your files
> relative to /var/named/chroot. I created a directory
> /var/named/chroot/data and specify "directory "/data";" in
> /var/named/chroot/etc/named.conf.
>
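The two points Bevan makes above (the init script turns a non-empty ROOTDIR other than "/" into "-t ROOTDIR", and every path in named.conf is then resolved relative to the chroot, so the files have to exist under it) can be checked before starting the daemon. The script below is an added example, not code from the original thread or from the Fedora named-chroot package: named_chroot_options mirrors the quoted `if` test, and check_named_conf_paths resolves the "directory" and "file" entries of a named.conf the way named will see them once chrooted and reports any that are missing on the host side. The sample named.conf and the throwaway chroot it is checked against are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original thread). Mirrors the ROOTDIR -> "-t"
# logic quoted from /etc/init.d/named and checks that the paths a named.conf
# refers to exist under the chroot before named is started.

# Build the extra option the init script adds: a non-empty ROOTDIR that is not
# "/" becomes "-t ROOTDIR"; anything else adds nothing.
named_chroot_options() {
    rootdir="$1"
    if [ -n "${rootdir}" ] && [ "x${rootdir}" != "x/" ]; then
        echo "-t ${rootdir}"
    else
        echo ""
    fi
}

# After chroot, named resolves an absolute path such as /data/zone.db against
# ROOTDIR, and a relative "file" entry against the "directory" option.
# Prints each host-side path that is missing and returns the number missing
# (0 means the chrooted named will find everything the config names).
check_named_conf_paths() {
    rootdir="$1"
    conf="$2"
    missing=0
    # First "directory" option; named's own default is the cwd, so use "/"
    dir=$(sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" | head -n 1)
    [ -n "$dir" ] || dir="/"
    if [ ! -d "${rootdir}${dir}" ]; then
        echo "missing directory: ${rootdir}${dir}"
        missing=$((missing + 1))
    fi
    # Every zone "file" entry (paths without whitespace are assumed)
    for f in $(sed -n 's/.*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf"); do
        case "$f" in
            /*) host_path="${rootdir}${f}" ;;
            *)  host_path="${rootdir}${dir}/${f}" ;;
        esac
        if [ ! -f "$host_path" ]; then
            echo "missing zone file: $host_path"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed demo: a throwaway chroot whose named.conf names one zone file
# that exists and one that does not. Prints the chroot path.
make_demo_chroot() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/data"
    cat > "$root/etc/named.conf" <<'EOF'
options {
    directory "/data";
};
zone "example.test" IN {
    type master;
    file "example.test.zone";
};
zone "10.in-addr.arpa" IN {
    type master;
    file "/data/10.rev";
};
EOF
    : > "$root/data/example.test.zone"
    echo "$root"
}

# Stand-alone run: show the option the init script would add, then report
# what the chrooted named would fail to find, and clean up.
demo_root=$(make_demo_chroot)
echo "ROOTDIR=/var/named/chroot adds: $(named_chroot_options /var/named/chroot)"
check_named_conf_paths "$demo_root" "$demo_root/etc/named.conf" \
    || echo "named would fail to load $? zone file(s) from inside the chroot"
rm -rf "$demo_root"
```

Run it against a real chroot with `check_named_conf_paths /var/named/chroot /var/named/chroot/etc/named.conf` (the second argument is the host-side path of the config, since the script itself is not chrooted). It only covers zone files and the working directory; the libraries and binaries Bevan mentions are a separate concern, which `ldd /usr/sbin/named` lists and which the named-chroot package is supposed to copy for you.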
More information about the fedora-list mailing list