chroot-jail

Deepak Shrestha deepak at mos.com.np
Mon May 8 08:38:18 UTC 2000 


On Mon, 8 May 2000 Mark.Andrews at nominum.com wrote:

> 
> > hi,
> > 
> > thanks for the reply.
> > 
> > how can statically-link the lib files during build times?
> > 
> > i use bsdi 4.1 and i edited the Makefile.set file in the /src/port/bsdos
> > dir.
> > changed the line: 
> > 'CDEBUG=-O -g'
> > to
> > 'CDEBUG=-O -static'
> > but have not been able to transfer zones. have i done it right?
> > the error i get:
> > #ndc start -u named -g named -t /chroot/named/
> > ndc: error: name server has not started (yet?)
> 
> 	You got this error because named will be using
> 	/chroot/named/var/run/ndc as its control socket while ndc is
> 	using /var/run/ndc.  You have created /chroot/named/var/run
> 	and the user named can write to it?
> 
> 	Use "ndc -c /chroot/named/var/run/ndc ...".

	It work only after i copied two lib files in the chroot-jail
directory as mentioned in my earlier mail.

> 
> > 
> > i get this error with and without the -u named -g named option. named
> > starts but zones aren't transfered.
> 
> 	What is logged by named?
> 	You have install named-xfer in /chroot/named/usr/libexec?
>
	no errors are now logged by named. yes, i have copied the
statically linked named-xfer into the /chroot/named/usr/libexec dir.
 
> > 
> > what are the lib files needed by named and named-xfer if i were to
> > manually copy them in the /chroot/named/usr/libexec directory? how do i
> > know the lib files needed by named and named-xfer in bsdi 4.1.
> > 
> > any help would be highly appreciated.
> > 
> > regards,
> > deepak
> > 
> > On Thu, 4 May 2000, Ralf Hildebrandt wrote:
> > 
> > > On Thu, May 04, 2000 at 05:17:18PM +0545, Deepak Shrestha wrote:
> > > 
> > > > As an alternative, you could simply build statically-linked versions of
> > > > the BIND binaries to put in your chroot jail. 
> > > > 
> > > > how can we statically-link the lib files?
> > > 
> > > At build time of the binaries.
> > > 
> > > > and why is it necessary?
> > > 
> > > It's not. Haven't you read what you just quoted??
> > > By statically linking the binaries against the libraries you don't need the
> > > dynamic libraries in the chroot-area (they're IN the binaries itself).
> > > 
> > > 
> > > 
> > 
> > 
> > 
> --
> Mark Andrews, Nominum Inc.
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
> 
> 
>

More information about the bind-users mailing list