bind9 / chroot

Y. Makki bugzilla at sympatico.ca
Mon Jan 26 19:54:08 UTC 2004


It seems very simple so far (the chrooting part at least). I guess
similar knowledge could be applied to running httpd in a chroot too.
Thanks for your informative replies everyone :)


On Mon, 2004-01-26 at 13:50, Bevan C. Bennett wrote:
> Y. Makki wrote:
> > So I assume configuration files go in /var/named/chroot too. How would
> > you actually run bind then, just via the regular init.d script? Is it
> > preconfigured and knows it has to run in a chroot?
> 
> Everything (including config files) needs to be under /var/named/chroot, 
> because once the chroot takes hold, that's all that the named will be 
> able to see.  Installing the named-chroot package takes care of creating 
> the extra stuff in /var/named/chroot/bin and /var/named/chroot/lib that 
> you'll need (the trickiest part to using chroot is making sure you have 
> local copies of the correct libraries and binaries).
> 
> The setting
> ROOTDIR=/var/named/chroot
> in /etc/sysconfig/named is where you'd enable named to run in chroot 
> mode. This is picked up by the following code in /etc/init.d/named (You 
> can learn a lot by studying the startup scripts in /etc/init.d):
> 
>          if [ -n "${ROOTDIR}" -a "x${ROOTDIR}" != "x/" ]; then
>                  OPTIONS="${OPTIONS} -t ${ROOTDIR}"
>          fi
>          daemon /usr/sbin/named -u named ${OPTIONS}
> 
> So named gets run with "-t /var/named/chroot", which 'man named' will 
> verify informs named to chroot itself.
> 
> The only caveat is that you should specify the paths to your files 
> relative to /var/named/chroot. I created a directory 
> /var/named/chroot/data and specify "directory "/data";" in 
> /var/named/chroot/etc/named.conf.
> 
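As an added example (not part of the original thread), the script below reproduces the ROOTDIR test from the quoted /etc/init.d/named snippet and then checks the point Bevan makes about paths: the `directory` option in the chroot's named.conf must resolve to a directory that exists under ROOTDIR, since named reads it after the chroot takes hold. The sample layout it builds under a temporary directory is constructed for the demonstration, not a real installation.

```shell
#!/bin/sh
# Mirror the init script's decision: only append "-t ROOTDIR" when ROOTDIR
# is set and is not "/" (chrooting to "/" would be a no-op).
named_options() {
    rootdir="$1"
    options="$2"
    if [ -n "${rootdir}" ] && [ "x${rootdir}" != "x/" ]; then
        options="${options:+${options} }-t ${rootdir}"
    fi
    printf '%s\n' "${options}"
}

# Pull the first 'directory "...";' value out of a named.conf.
# Assumes the one-line form used in the thread, e.g.  directory "/data";
conf_directory() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)";.*/\1/p' "$1" | head -n 1
}

# Verify that ROOTDIR/etc/named.conf exists and that its directory option
# points at something present inside the chroot. Paths in the config are
# interpreted after chroot(2), so "/data" means ROOTDIR/data on the host.
check_chroot_paths() {
    rootdir="$1"
    conf="${rootdir}/etc/named.conf"
    [ -f "${conf}" ] || { echo "missing ${conf}"; return 1; }
    dir=$(conf_directory "${conf}")
    [ -n "${dir}" ] || { echo "no directory option in ${conf}"; return 1; }
    [ -d "${rootdir}${dir}" ] || { echo "${dir} is not present under ${rootdir}"; return 1; }
    echo "ok: ${dir} resolves to ${rootdir}${dir}"
}

# Constructed sample chroot: etc/named.conf with directory "/data" and the
# matching data directory. Prints the temporary ROOTDIR it created.
make_sample_chroot() {
    root=$(mktemp -d)
    mkdir -p "${root}/etc" "${root}/data"
    printf 'options {\n    directory "/data";\n};\n' > "${root}/etc/named.conf"
    printf '%s\n' "${root}"
}
```

Running `check_chroot_paths /var/named/chroot` on a host would flag a named.conf that still says `directory "/var/named";` with no /var/named/chroot/var/named, which is the mistake the caveat above warns about.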