Re: Problems chrooting BIND 9.2.2 in a Solaris 8 box

From: Joseph Tam (tam_at_math.ubc.ca)
Date: 03/12/04

    Date: Fri, 12 Mar 2004 14:22:27 -0800 (PST)
    To: GARCIA CABALLERO Jordi <Jordi.GARCIA@oami.eu.int>
    
    

    On Thu, 11 Mar 2004, GARCIA CABALLERO Jordi wrote:

    > Chrooting BIND 9.2.2 in a Solaris 8 02/2002 box, I get this weird error when
    > running named in the jail:
    >
    > # /usr/sbin/chroot /export/home/dns /usr/local/sbin/named -u named
    >
    > What I see from the console
    >
    > Mar 11 18:26:15 oasv020 named[11788]: /etc/named.conf:16: change directory
    > to '/dns/etc' failed: file not found
    > Mar 11 18:26:15 oasv020 named[11788]: /etc/named.conf:16: parsing failed
    > Mar 11 18:26:15 oasv020 named[11788]: loading configuration: file not found
    > Mar 11 18:26:15 oasv020 named[11788]: exiting (due to fatal error)

    I believe that chroot-ing from the command line will chroot the daemon
    too early (i.e. before it has time to grab the prerequisite files) and
    consequently, all file references are relative to the chroot jail directory.
    You may be better off using the -t parameter and letting named chroot itself.

    I discovered this while playing around with trying to do exactly what
    you were doing (chroot-ing right from the start -- it requires that
    you set up all the dynamic library and /etc files beforehand or make
    a statically linked executable, a grisly task). You may find this useful:

            http://www.math.ubc.ca/~tam/BIND/Notes.txt

    I have since moved on to using DJBDNS, which I recommend.

    Joseph Tam <tam@math.ubc.ca>
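
Added example, not part of the original message: a pre-flight check for the failure in the quoted log, run before starting named in a jail. It assumes that once the process is chrooted, named.conf and its `directory` option are resolved inside the jail root; the function names are hypothetical.

```shell
#!/bin/sh
# Usage: sh check_jail.sh JAIL_ROOT [CONF_PATH_INSIDE_JAIL]
# Example (paths taken from the quoted command): sh check_jail.sh /export/home/dns

# Print the path from the first `directory "..."` statement in a named.conf.
named_conf_directory() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 if the jail holds named.conf and its working directory,
# 1 if one of them is missing inside the jail, 2 on bad input.
check_named_jail() {
    jail=$1
    conf=${2:-/etc/named.conf}
    [ -d "$jail" ] || { echo "jail root '$jail' is not a directory" >&2; return 2; }
    if [ ! -f "$jail$conf" ]; then
        echo "$conf not found inside jail (looked for $jail$conf)" >&2
        return 1
    fi
    dir=$(named_conf_directory "$jail$conf")
    [ -n "$dir" ] || { echo "no directory option in $jail$conf" >&2; return 2; }
    case $dir in
        /*) ;;
        *) echo "directory '$dir' is not an absolute path" >&2; return 2 ;;
    esac
    # The chrooted process sees $dir, which on the real filesystem is $jail$dir.
    if [ ! -d "$jail$dir" ]; then
        echo "directory '$dir' does not exist inside jail (looked for $jail$dir)" >&2
        return 1
    fi
    echo "ok: $conf and directory '$dir' resolve inside $jail"
}

# Run the check only when arguments are given on the command line.
if [ "$#" -gt 0 ]; then
    check_named_jail "$@"
fi
```

A return code of 1 for a `directory` such as `/dns/etc` means the path has to be created under the jail root or rewritten relative to it.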

