On 19.02.2016 at 12:13, Josep Manel Andrés wrote:
Hi Harald,

Thanks, but I suspect those are the files that come with the default system installation, but are not usable (without modifications) if I have compiled it from source. Am I right?
Well, it should not be that hard to adapt them for your needs or even build a proper package containing all that stuff. Only over my dead body would I do a "make install" on any machine outside rpmbuild.
On 19/02/16 12:02, Reindl Harald wrote:

On 19.02.2016 at 11:45, Josep Manel Andrés wrote:

I have just compiled bind-9.9.8-P3 on SLES12 and tried to adapt the init script we were using on SLES11SP3, but it doesn't seem to work, since the new version of bind needs to get some libraries copied into the chroot environment. That's why I am trying to adapt the systemd script that comes with the version from the repos on SLES 12, but so far I didn't get it working. Does anyone have a systemd or init script that works for bind-9.9.8-P3? What would be the correct procedure to run named as a daemon?

Fedora has contained systemd units for a long time now.

_______________________________________________________________________

[root@srv-rhsoft:~]$ cat /etc/systemd/system/named.service
[Unit]
Description=DNS Server
After=network.service systemd-networkd.service network-online.target network-wan-bridge.service network-wlan-bridge.service openvpn.service

[Service]
Type=simple
ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
ExecStart=/usr/sbin/named -4 -f -u named -t /var/named/chroot
ExecReload=/usr/bin/kill -HUP $MAINPID
ExecStop=/usr/bin/kill -TERM $MAINPID
ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=yes
PrivateDevices=yes
TimeoutSec=25
Restart=always
RestartSec=1
CapabilityBoundingSet=CAP_CHOWN CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_KILL CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_IPC_LOCK CAP_SYS_CHROOT
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
InaccessibleDirectories=-/root
InaccessibleDirectories=-/media
InaccessibleDirectories=-/boot
InaccessibleDirectories=-/home
InaccessibleDirectories=-/run/console
InaccessibleDirectories=-/run/dbus
InaccessibleDirectories=-/run/lock
InaccessibleDirectories=-/run/mount
InaccessibleDirectories=-/run/systemd/generator
InaccessibleDirectories=-/run/systemd/system
InaccessibleDirectories=-/run/systemd/users
InaccessibleDirectories=-/run/udev
InaccessibleDirectories=-/run/user
InaccessibleDirectories=-/var/lib/dbus
InaccessibleDirectories=-/var/lib/rpm
InaccessibleDirectories=-/var/lib/systemd
InaccessibleDirectories=-/var/lib/yum
InaccessibleDirectories=-/var/spool

[Install]
WantedBy=multi-user.target

_______________________________________________________________________

[root@srv-rhsoft:~]$ cat /usr/libexec/setup-named-chroot.sh
#!/bin/bash

# Host paths that are bind-mounted into the chroot (config, keys, zone data,
# runtime directory and the BIND plugin directories).
ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named /etc/crypto-policies/back-ends/bind.config'

usage()
{
  echo
  echo 'This script setups chroot environment for BIND'
  echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
}

if ! [ "$#" -eq 2 ]; then
  echo 'Wrong number of arguments'
  usage
  exit 1
fi

ROOTDIR="$1"

# Exit if ROOTDIR doesn't exist
if ! [ -d "$ROOTDIR" ]; then
  echo "Root directory $ROOTDIR doesn't exist"
  usage
  exit 1
fi

mount_chroot_conf()
{
  if [ -n "$ROOTDIR" ]; then
    for all in $ROOTDIR_MOUNT; do
      # Skip nonexistent files
      [ -e "$all" ] || continue
      # If mount source is a file
      if ! [ -d "$all" ]; then
        # mount it only if it is not present in chroot or it is empty
        if ! [ -e "$ROOTDIR$all" ] || [ "$(stat -c'%s' "$ROOTDIR$all")" -eq 0 ]; then
          touch "$ROOTDIR$all"
          mount --bind "$all" "$ROOTDIR$all"
        fi
      else
        # Mount source is a directory. Mount it only if directory in chroot is
        # empty.
        if [ -e "$all" ] && [ "$(ls -1A "$ROOTDIR$all" | wc -l)" -eq 0 ]; then
          mount --bind --make-private "$all" "$ROOTDIR$all"
        fi
      fi
    done
  fi
}

umount_chroot_conf()
{
  if [ -n "$ROOTDIR" ]; then
    for all in $ROOTDIR_MOUNT; do
      # Check if file is mount target. Do not use /proc/mounts because detecting
      # of modified mounted files can fail.
      if mount | grep -q '.* on '"$ROOTDIR$all"' .*'; then
        umount "$ROOTDIR$all"
        # Remove temporary created files
        [ -f "$all" ] && rm -f "$ROOTDIR$all"
      fi
    done
  fi
}

case "$2" in
  on)
    mount_chroot_conf
    ;;
  off)
    umount_chroot_conf
    ;;
  *)
    echo 'Second argument has to be "on" or "off"'
    usage
    exit 1
esac

exit 0
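As an added example (not code from the thread, nor from the Fedora bind package), here is a status check for a chroot populated the way setup-named-chroot.sh populates it: for each path in the same list it reports whether the copy inside the chroot is a bind mount, missing, empty, or an unmounted plain copy, which is what one wants to see when named refuses to start with -t. It assumes /proc/self/mountinfo is readable and uses the /var/named/chroot directory from the unit above only as an example argument.

```shell
#!/bin/sh
# Added example, not code from the thread or the Fedora bind package.
# Reports how each path setup-named-chroot.sh bind-mounts appears inside
# the chroot, so a failing "named -t" start can be traced to the config
# file, key or plugin dir (e.g. /usr/lib64/bind) missing from the chroot.
# Path list from the script quoted above; assumes /proc/self/mountinfo.

ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys
 /etc/named.root.key /etc/named.conf /etc/named.dnssec.keys
 /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /usr/lib64/bind
 /usr/lib/bind /etc/named.iscdlv.key /run/named /var/named
 /etc/crypto-policies/back-ends/bind.config'

# is_mounted PATH: true if PATH is a mount point (field 5 of mountinfo).
# Escapes in mountinfo are not decoded, so paths with spaces are not handled.
is_mounted() {
    [ -r /proc/self/mountinfo ] || return 1
    awk -v p="$1" '$5 == p { found = 1 } END { exit !found }' /proc/self/mountinfo
}

# chroot_entry_status ROOTDIR PATH prints one of:
#   no-source  PATH does not exist on the host, nothing to mount
#   mounted    ROOTDIR/PATH is a mount point (bind mount in place)
#   missing    ROOTDIR/PATH does not exist
#   empty      ROOTDIR/PATH is an empty file or dir (nothing mounted over it)
#   present    ROOTDIR/PATH has content but is a plain copy, not a mount
chroot_entry_status() {
    target="$1$2"
    [ -e "$2" ] || { echo no-source; return 0; }
    if is_mounted "$target"; then echo mounted; return 0; fi
    [ -e "$target" ] || { echo missing; return 0; }
    if [ -d "$target" ]; then
        [ -n "$(ls -1A "$target")" ] || { echo empty; return 0; }
    else
        [ -s "$target" ] || { echo empty; return 0; }
    fi
    echo present
}

# chroot_report ROOTDIR: one line per entry; exit status 1 if any entry
# is missing or empty, i.e. the chroot is not fully populated.
chroot_report() {
    rc=0
    for path in $ROOTDIR_MOUNT; do
        status=$(chroot_entry_status "$1" "$path")
        printf '%-10s %s\n' "$status" "$1$path"
        case $status in missing|empty) rc=1 ;; esac
    done
    return $rc
}

[ $# -eq 0 ] || chroot_report "$1"   # usage: sh named-chroot-status.sh /var/named/chroot
```

Run it after `setup-named-chroot.sh /var/named/chroot on`; every line should read "mounted" or "no-source", and a non-zero exit status points at the entries that still need attention.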