Re: Chrooting bind 8.1.2 under debian 2.0
I'm replying to debian-user since this is the only relevant list from
those you sent this message to. Please try to avoid sending to more
than one list. I'm NOT on the debian-user list. I got your message
through debian-isp.
On Tue, July 14 1998, cfb <cfb@ocn21.kdd-ok.ne.jp> wrote:
|The main problem seems to be with the way that debian starts bind using
|the script /etc/init.d/bind. I thought it would be really neat to just
|change the #!/bin/sh at the top of the script to something like :
| #!/usr/sbin/chroot /chroot-dns/ /bin/sh
|or
| #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
|but I was getting various errors like "can't change root to
The #! syntax is parsed by the kernel and limits you to a single
argument. It used to also limit the length of the line a lot (like 30
bytes or so) but I trust Linux to lift that limitation.
|Ok, so I figured that some obscure niche problem with shell invocation
|or usage was preventing this from working; so, I focused my attention on
|the start-stop-daemon utility used in the script. Initially, I tried
|chrooting the start-stop-daemon utility itself, but that failed. I then
How did this fail? Did you update the paths to reflect the fact that
'/' under chroot means '/chroot-dns/'?
|realized that it would be better to --exec /usr/sbin/chroot rather than
|attempt to chroot the start-stop-daemon.
From the manual of start-stop-daemon it looks like --exec checks for
running processes. It does this by accessing /proc but since you
already chroot'ed the process it won't be able to do that. So you
should probably chroot the program start-stop-daemon executes.
|The main problem with this is that start-stop-daemon would never return
|from its --exec /usr/sbin/chroot, effectively hanging up the script at
|that point. All of this was being done remotely, and I made the mistake
|of rebooting the box with this script in place. I have to stop by the
|remote site and fix/reboot the box in person.
|
|Anyone with any clues on how to easily and effectively chroot bind under
|debian? Worst case, I will rewrite the /etc/init.d/bind script to use
|something other than start-stop-daemon, but I'd really like to stick
|with the mood and tone set /etc/init.d
It's not a tested solution, but here is something:
Write a script which contains just:
    #!/bin/sh --
    exec /usr/sbin/chroot /var/chroot/bind /bind
Call this script something like /usr/local/sbin/chroot-bind (make it
executable) and *run* it using start-stop-daemon instead of the binary
directly.
The *stop* clause should stay the same except that the pid file should
be something like /chroot-dns/var/run/named.pid unless you find a
way to specify another file name in named.conf (I don't have the
Debian bind-doc package installed so I can't look for it now).
You'll have to create the directory hierarchy under /chroot-dns/:
/var/named, /etc, /var/run/, /var/tmp and maybe update
/chroot-dns/etc/named.conf
And learn UNIX. You were banging your head against known UNIX
behaviour and documented Debian utilities.
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@gezernet.co.il | -- Anonymous
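
The single-argument #! behaviour and the wrapper-script alternative discussed in the message above, side by side, as an added example that is not part of the original thread. It assumes Linux execve() semantics; `showargs` is a hypothetical stand-in for /usr/sbin/chroot that only prints the arguments it is given, so nothing is actually chrooted.

```shell
#!/bin/sh
# Added example, not code from the thread. Linux execve() behaviour assumed.
# "showargs" (hypothetical name) stands in for /usr/sbin/chroot: it prints
# each argument it receives on its own line, in brackets.

make_showargs() {    # $1 = scratch directory
    cat > "$1/showargs" <<'EOF'
#!/bin/sh
for a in "$@"; do printf '[%s]\n' "$a"; done
EOF
    chmod +x "$1/showargs"
}

# Case 1: the #! line from the question. The kernel hands everything after
# the interpreter path to it as ONE argument, then appends the script path.
# A real chroot would therefore be asked to use "/chroot-dns/ /bin/sh" as
# the new root directory.
shebang_args() {
    make_showargs "$1"
    printf '#!%s /chroot-dns/ /bin/sh\n' "$1/showargs" > "$1/init-shebang"
    chmod +x "$1/init-shebang"
    "$1/init-shebang"
}

# Case 2: the wrapper from the reply. /bin/sh parses the exec line, so the
# new root and the program to run arrive as two separate arguments.
wrapper_args() {
    make_showargs "$1"
    printf '#!/bin/sh --\nexec %s /var/chroot/bind /bind\n' "$1/showargs" \
        > "$1/chroot-bind"
    chmod +x "$1/chroot-bind"
    "$1/chroot-bind"
}

# Run with the argument "demo" to print both results from a scratch directory.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) || exit 1
    echo "shebang form:"; shebang_args "$d"
    echo "wrapper form:"; wrapper_args "$d"
    rm -rf "$d"
fi
```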