chroot and bind
I was wondering if anyone out there has tried to run bind in a chroot'ed directory so it is run with the least privilege. I've been trying to set this up for a few days without any luck.
I'm running slackware 7.1 with the 2.2.16 kernel. I'm trying to set it up as stated in the /usr/doc/Linux-HOWTOs/Chroot-BIND-HOWTO directory. I've made the directory structure:
/chroot
+-- named
    +-- bin
    +-- dev
    +-- etc
    |   +-- namedb
    +-- lib
    +-- var
        +-- run
and I've followed every other step down to the logging section. It says that I need to adjust the /etc/rc.d/init.d/syslog file. Well, since that doesn't exist, I thought that it might mean /etc/rc.d/rc.inet2 - where the syslog daemon is started up. I went into that file and added the line they suggest. My syslog startup script now looks like this:
# Start the SYSLOGD/KLOGD daemons:
if [ -x ${NET}/syslogd ]; then
  echo -n " syslogd"
  # -a adds a second listening socket inside the named chroot
  ${NET}/syslogd -m 0 -a /chroot/named/dev/log
  sleep 1 # prevent syslogd/klogd race condition on SMP kernels
  echo -n " klogd"
  # '-c 3' = display level 'error' or higher messages on console
  ${NET}/klogd -c 3
fi
It says that when I restart syslogd that I should get a file created in the /chroot/named/dev/ directory called log. That isn't happening for me.
That's where I'm stuck. I've been looking all around online and I see a lot of help out there for redhat and freebsd, but I don't see any specifics when it comes to slackware. Can anyone help with some advice or point me in the right direction? I've looked in the O'Reilly DNS and BIND book, but I'm having the same problems when it comes to the startup scripts in rc.inet2. I'd really appreciate any help.
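An added example, not part of the original post, for checking the chroot layout described above: it builds the directory tree the post lists and then tests whether the socket that syslogd's -a flag should create is really there. The root path, the function names and the exit codes are assumptions for illustration.

```shell
#!/bin/sh
# Sanity checks for a BIND chroot laid out as in the post (added example).
# Default root is /chroot/named; every function takes the root as $1.

# Directories the post's tree needs, relative to the chroot root.
NAMED_CHROOT_DIRS="bin dev etc etc/namedb lib var var/run"

# Create the tree (idempotent; safe to re-run).
make_named_chroot() {
    root=$1
    for d in $NAMED_CHROOT_DIRS; do
        mkdir -p "$root/$d" || return 1
    done
}

# Return 0 if every directory of the layout exists under $1.
check_named_chroot_dirs() {
    root=$1
    for d in $NAMED_CHROOT_DIRS; do
        [ -d "$root/$d" ] || { echo "missing directory: $root/$d" >&2; return 1; }
    done
}

# Return 0 only if $1/dev/log is a Unix-domain socket, which is what a
# syslogd started with "-a $1/dev/log" creates. Return 1 if nothing is
# there (syslogd not restarted or flag not applied) and 2 if something
# else occupies the path, e.g. a plain file created by hand.
check_named_chroot_log_socket() {
    sock=$1/dev/log
    if [ -S "$sock" ]; then
        return 0
    elif [ -e "$sock" ]; then
        echo "$sock exists but is not a socket" >&2
        return 2
    else
        echo "$sock does not exist: is syslogd running with -a $sock?" >&2
        return 1
    fi
}

# Report whether a running syslogd was actually given the extra socket
# argument (helps tell a startup-script problem from a syslogd problem).
syslogd_has_socket_arg() {
    ps ax 2>/dev/null | grep '[s]yslogd' | grep -q -- "-a $1/dev/log"
}
```

After editing rc.inet2 and restarting syslogd, run `check_named_chroot_log_socket /chroot/named` and `syslogd_has_socket_arg /chroot/named`; the second failing while the first reports "does not exist" points at the startup script rather than at syslogd.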