questions about chrooting bind 8.3.3
Hi, I have a question about chrooting bind 8.3.3
I have used the setup as described in
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt ... but when I
then start bind everything looks right but when I do a lsof -p <pid of
named> I see:
command to start bind:
start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -g named -t /var/lib/chroot/named/
# lsof -p 22119
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 22119 named cwd DIR 8,22 4096 145479 /var/lib/chroot/named/var/cache/bind
named 22119 named rtd DIR 8,22 4096 145467 /var/lib/chroot/named
named 22119 named txt REG 8,6 512088 130880 /usr/sbin/named
named 22119 named mem REG 8,5 82503 30185 /lib/ld-2.2.5.so
named 22119 named mem REG 8,5 1145456 30223 /lib/libc-2.2.5.so
named 22119 named mem REG 8,5 32664 30232 /lib/libnss_files-2.2.5.so
named 22119 named 0u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 22119 named 1u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 22119 named 2u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 22119 named 3u unix 0xe1086560 5375674 socket
named 22119 named 4u IPv4 5375686 UDP *:32943
named 22119 named 5u unix 0xd9d1ec40 5375676 /var/run/ndc
named 22119 named 20u IPv4 5375680 UDP localhost:domain
named 22119 named 21u IPv4 5375681 TCP localhost:domain (LISTEN)
and when I change the command to start bind to :
start-stop-daemon --chroot /var/lib/chroot/named/ --start --pidfile /var/run/named.pid --exec /usr/sbin/named -- -u named -g named
I see:
# lsof -p 23433
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 23433 named cwd DIR 8,22 4096 145479 /var/lib/chroot/named/var/cache/bind
named 23433 named rtd DIR 8,22 4096 145467 /var/lib/chroot/named
named 23433 named txt REG 8,22 512088 145502 /var/lib/chroot/named/usr/sbin/named
named 23433 named mem REG 8,22 82503 145501 /var/lib/chroot/named/lib/ld-linux.so.2
named 23433 named mem REG 8,22 1145456 145500 /var/lib/chroot/named/lib/libc.so.6
named 23433 named mem REG 8,22 32664 146115 /var/lib/chroot/named/lib/libnss_files.so.2
named 23433 named 0u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 23433 named 1u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 23433 named 2u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 23433 named 3u unix 0xef055a80 5239772 socket
named 23433 named 4u IPv4 5239784 UDP *:32942
named 23433 named 5u unix 0xeee6d140 5239774 /var/run/ndc
named 23433 named 20u IPv4 5239778 UDP localhost:domain
named 23433 named 21u IPv4 5239779 TCP localhost:domain (LISTEN)
Look at the difference in the libraries, as I can see when I start named
as stated in the script the libraries in the chrooted environment are
not used....
Am I wrong here?
--
J.J. van Gorkum Knowledge Zone
--
If UNIX isn't the solution, you've got the wrong problem.