DNS+chroot (Linux): no libraries needed in chroot cell !?!

Dave Lugo dlugo at stk.com
Thu Aug 12 17:23:26 UTC 1999



"Dr. Dorothea Muecke-Herzberg" wrote:

> Hi there,
>
> has anyone tried to run named chrooted and can help me with my
> problems? (running Linux-2.2.6 on a Compaq Proliant1600 and
> bind-8.2.1)
>
> First:
> I did build named according to INSTALL. (No problems there,
> except if I want to build a statically linked version, but that's
> another story)
>
> For testing purposes I built a chroot environment without any
> libraries to see which ones are needed and started holelogd (for
> binding /jail/dns/root/dev/log to syslogd) and named:
>    named -u named -g named -t /jail/dns/root
>
> To my utter surprise named started without any complaint !?!
> Here you see the excerpt of /var/log/messages:
>
>  Jul 21 12:40:42 bastion named[2770]: starting.  named 8.2.1
>  Jul 20 14:50:08 GMT 1999 ^Iroot at bastion:/jail/src/dns/src/bin/named
>  Jul 21 12:40:42 bastion named[2770]: hint zone "" (IN) loaded
> (serial0)
>    .
>    .
>  Jul 21 12:40:42 bastion named[2770]: listening on [127.0.0.1].53 (lo)
>  Jul 21 12:40:42 bastion named[2770]: Forwarding source address is
>    [0.0.0.0].53
>  Jul 21 12:40:42 bastion named[2771]: chrooted to /jail/dns/root
>  Jul 21 12:40:42 bastion named[2771]: group = named
>  Jul 21 12:40:42 bastion named[2771]: user = named
>  Jul 21 12:40:42 bastion named[2771]: Ready to answer queries.
>
> First question: What is going on here? Why doesn't named need the
> shared libraries?
>

Because you're using the named chroot option, instead of chrooting
it from the start, like this:

chroot /usr/local/bind /sbin/named -b /dbfiles_internal/named.conf -u named -g named



> _______________________
>
> Second:
> My second problem appears 45 min later. See /var/log/messages:
>
>  Jul 21 13:28:02 bastion named[2937]: can't exec /usr/sbin/named-xfer:
>  No such file or directory
>
> But there is a named-xfer in /jail/dns/root/usr/sbin (in /usr/sbin
> too!)! According to the above logfile the chroot to /jail/dns/root
> worked fine.
>

Is there a named-xfer in /usr/sbin/named-xfer (not the chroot area)?


>
> Second question: Has someone experienced the same? Can someone tell me
> what's wrong?
> ________________________
>
> Any help will be appreciated. Thanks in advance
>
> Dorothea

--

-----------------------------------------------
 Dave Lugo                | dlugo at stk.com
 Systems/Network Admin.   | http://www.stk.com
 Analytical Graphics Inc. | (610)578-1000
-----------------------------------------------
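
Added example, not part of the original post: when a binary is started through an external chroot(8), it is exec'd inside the jail, so its dynamic loader and shared objects must exist under the jail root. This sh helper lists the ones that are missing; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# missing_in_jail JAIL
# Reads `ldd` output on stdin and prints, one per line, every shared object
# path that does not exist under JAIL. (Hypothetical helper, not from BIND.)
missing_in_jail() {
    jail=$1
    while IFS= read -r line; do
        case $line in
            # A static binary needs nothing copied into the jail.
            *"statically linked"*|*"not a dynamic executable"*) return 0 ;;
        esac
        # "libc.so.6 => /lib/libc.so.6 (0x...)" -> path follows "=>"
        # "/lib/ld-linux.so.2 (0x...)"          -> the loader, path is field 1
        # "linux-vdso.so.1 (0x...)"             -> kernel-provided, no file
        # "libfoo.so => not found"              -> unresolved on the host, skipped
        path=$(printf '%s\n' "$line" | awk '
            { for (i = 1; i <= NF; i++)
                  if ($i == "=>") { if ($(i+1) ~ /^\//) print $(i+1); exit } }
            $1 ~ /^\// { print $1 }')
        [ -n "$path" ] || continue
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# Constructed sample of ldd output, so the function can be tried offline.
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffd00000000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00007f0000200000)
    /lib/ld-linux.so.2 (0x00007f0000400000)
EOF
}

# Real use, with the paths from the thread:
#   ldd /usr/sbin/named-xfer | missing_in_jail /jail/dns/root
```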



