Re: [discuss] Last bind breaks chroot capabilities?

[Bryan Paxton]

On Fri, 2002-01-25 at 10:38, Todd Lyons wrote:
> Bryan Paxton wanted us to know:
> 
> > The last BIND upgrade ( MDKSA-2002:001 ) has seemed to break BIND's
> >ability to perform a chroot, and reside in that jail.
> >
> >Excerpt from logs:
> ><SNIP>
> >Jan 25 00:00:40 sQa /usr/sbin/named[18391]: starting BIND 9.1.1 -n 2 -u
> >dns -t /var/dns/
> >Jan 25 00:00:40 sQa /usr/sbin/named[18391]: using 2 CPUs
> 
> Process number 1 is pid 18391
> 
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: loading configuration from
> >'/etc/named.conf'
> >Jan 24 18:00:40 sQa named: named startup succeeded
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: no IPv6 interfaces found
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: listening on IPv4 interface
> >lo, 127.0.0.1#53
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: listening on IPv4 interface
> >eth1, 172.16.19.1#53
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: couldn't open pid file
> >'/var/run/named/named.pid': No such file or directory
> >Jan 25 00:00:40 sQa /usr/sbin/named[20932]: exiting (due to early fatal
> >error)
> ></SNIP>
> 
> Process number 2 is pid 20932
> 
> > It appears it's trying to write a PID file before chrooting.
> 
> No, it's already forked.  So the directory in question needs to be in
> the chroot jail.
> 
> >The lay out of /var/dns:
> >`-- var
> >    |-- named
> >    |   |-- internal.db
> >    |   |-- named.ca
> >    |   `-- named.local
> >    `-- run
>          `-- named
> 
> That's all that's needed.

Yes, it was a duh(luser) error : ) 
Don't try to stay up for two days then perform maintence ; ) 
Danke



-- 
Bryan Paxton
Public PGP key: http://www.deadhorse.net/bpaxton.gpg


For help, email discuss-help@mandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribe@mandrakesecure.net.  To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.