chroot-jail

[Mark.Andrews at nominum.com]

> hi,
> 
> thanks for the reply.
> 
> how can statically-link the lib files during build times?
> 
> i use bsdi 4.1 and i edited the Makefile.set file in the /src/port/bsdos
> dir.
> changed the line: 
> 'CDEBUG=-O -g'
> to
> 'CDEBUG=-O -static'
> but have not been able to transfer zones. have i done it right?
> the error i get:
> #ndc start -u named -g named -t /chroot/named/
> ndc: error: name server has not started (yet?)

	You got this error because named will be using
	/chroot/named/var/run/ndc as its control socket while ndc is
	using /var/run/ndc.  You have created /chroot/named/var/run
	and the user named can write to it?

	Use "ndc -c /chroot/named/var/run/ndc ...".

> 
> i get this error with and without the -u named -g named option. named
> starts but zones aren't transfered.

	What is logged by named?
	You have install named-xfer in /chroot/named/usr/libexec?

> 
> what are the lib files needed by named and named-xfer if i were to
> manually copy them in the /chroot/named/usr/libexec directory? how do i
> know the lib files needed by named and named-xfer in bsdi 4.1.
> 
> any help would be highly appreciated.
> 
> regards,
> deepak
> 
> On Thu, 4 May 2000, Ralf Hildebrandt wrote:
> 
> > On Thu, May 04, 2000 at 05:17:18PM +0545, Deepak Shrestha wrote:
> > 
> > > As an alternative, you could simply build statically-linked versions of
> > > the BIND binaries to put in your chroot jail. 
> > > 
> > > how can we statically-link the lib files?
> > 
> > At build time of the binaries.
> > 
> > > and why is it necessary?
> > 
> > It's not. Haven't you read what you just quoted??
> > By statically linking the binaries against the libraries you don't need the
> > dynamic libraries in the chroot-area (they're IN the binaries itself).
> > 
> > 
> > 
> 
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com