Setting up chroot on Solaris 9 with BIND 9 -t switch
Sten Carlsen
ccc2716 at vip.cybercity.dk
Thu Jan 6 00:26:30 UTC 2005
You could have two different sets of information in the configs in the
jail and outside. You could then query for this special info to see
which set of the two it uses. As I understand it, it must use the one
in the jail if it works.
Bill Larson wrote:
>On Jan 5, 2005, at 11:20 AM, kaiser_cernino at hotmail.com wrote:
>
>
>>I was doing a jail for my DNS server (named), but have 1 big problem,
>>my jail doesn't function.
>>I read a lot of papers about this, but ever when I can access with my
>>named user to the jail, this user can see the wide system, in other
>>words doesn't see the jail.
>>
>>PLZZZZZZZZZZZ!
>>I need a procedure for how I can do a jail using Solaris 9, and how I can
>>test that this jail does its job.
>>
>>The service without jail is perfect.
>>I am using:
>>SOLARIS 9
>>BIND 9.3 downloaded from www.blastwave.org
>>
>>To consider:
>>To test the jail, I set a bash shell for the user assigned to the named jail.
>>
>>
>
>Take a look at the "Secure BIND Template" at
>http://www.cymru.com/Documents/secure-bind-template.html. There is a
>section about configuring a chroot environment for Solaris.
>
>Please note that the only way to test a chroot environment for BIND is
>to break out of the BIND application itself over port 53. There is no
>way to "log into the system as the chroot user" through the named
>process. Basically, you will have to trust that the chroot environment
>functions properly. It will if you have set up the chroot directory
>structure and are running "named" with the "-t" option.
>
>Bill Larson
>
>
>
>
--
Best regards
Sten Carlsen
Let HIM who has an empty INBOX send the first mail.
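
The check described in the message above (different data inside and outside the jail, then a query to see which set is served), as an added example that is not part of the original thread. The zone name `canary.test`, the record name `which`, the marker strings and the script's `write`/`check` arguments are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a canary TXT record shows which config tree named loaded.
# Assumed (not from the thread): zone canary.test, record "which", the two
# marker strings. Both copies of named.conf must declare the zone with the
# same relative file name so only the zone-file contents differ.

ZONE="canary.test"
IN_JAIL="loaded-from-jail"
OUTSIDE="loaded-from-outside"

# Print a minimal zone whose TXT record carries the given marker.
canary_zone() {
    cat <<EOF
\$TTL 60
@      IN SOA ns.$ZONE. hostmaster.$ZONE. ( 1 3600 600 86400 60 )
       IN NS  ns.$ZONE.
ns     IN A   127.0.0.1
which  IN TXT "$1"
EOF
}

# Map the output of `dig +short TXT` (quoted string) to a verdict.
verdict() {
    case "$1" in
        "\"$IN_JAIL\"")  echo "jail" ;;
        "\"$OUTSIDE\"")  echo "outside" ;;
        "")              echo "no-answer" ;;
        *)               echo "unexpected" ;;
    esac
}

# Usage: sh canary.sh write <zone-file-in-jail> <zone-file-outside>
#        restart named with -t <jail>, then: sh canary.sh check [server]
case "${1:-}" in
    write)
        canary_zone "$IN_JAIL" > "$2"
        canary_zone "$OUTSIDE" > "$3"
        ;;
    check)
        answer=$(dig +short TXT "which.$ZONE" "@${2:-127.0.0.1}")
        verdict "$answer"
        ;;
esac
```

A verdict of `jail` shows only that named read its zone data from under the `-t` directory; `outside` or `no-answer` means the running process did not load the jail copy.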