Hi! Please try not to wrap long lines in command output.

On Tuesday, 2002-10-29 at 23:35:42 +0100, J.J. van Gorkum wrote:
> Hi,
>
> I have a question about chrooting bind 8.3.3. I have used the setup as
> described in http://people.debian.org/~pzn/howto/chroot-bind.sh.txt ...
> but when I then start bind everything looks right, but when I do a
> lsof -p <pid of named> I see:
>
> command to start bind:
>
> start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -g named -t /var/lib/chroot/named/
>
> # lsof -p 22119
> COMMAND   PID USER   FD   TYPE     DEVICE    SIZE    NODE NAME
> named   22119 named  cwd   DIR       8,22    4096  145479 /var/lib/chroot/named/var/cache/bind
> named   22119 named  rtd   DIR       8,22    4096  145467 /var/lib/chroot/named
> named   22119 named  txt   REG        8,6  512088  130880 /usr/sbin/named
> named   22119 named  mem   REG        8,5   82503   30185 /lib/ld-2.2.5.so
> named   22119 named  mem   REG        8,5 1145456   30223 /lib/libc-2.2.5.so
> named   22119 named  mem   REG        8,5   32664   30232 /lib/libnss_files-2.2.5.so
> named   22119 named    0u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   22119 named    1u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   22119 named    2u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   22119 named    3u unix 0xe1086560         5375674 socket
> named   22119 named    4u IPv4                    5375686 UDP *:32943
> named   22119 named    5u unix 0xd9d1ec40         5375676 /var/run/ndc
> named   22119 named   20u IPv4                    5375680 UDP localhost:domain
> named   22119 named   21u IPv4                    5375681 TCP localhost:domain (LISTEN)
>
> and when I change the command to start bind to:
>
> start-stop-daemon --chroot /var/lib/chroot/named/ --start --pidfile /var/run/named.pid --exec /usr/sbin/named -- -u named -g named
>
> I see:
>
> # lsof -p 23433
> COMMAND   PID USER   FD   TYPE     DEVICE    SIZE    NODE NAME
> named   23433 named  cwd   DIR       8,22    4096  145479 /var/lib/chroot/named/var/cache/bind
> named   23433 named  rtd   DIR       8,22    4096  145467 /var/lib/chroot/named
> named   23433 named  txt   REG       8,22  512088  145502 /var/lib/chroot/named/usr/sbin/named
> named   23433 named  mem   REG       8,22   82503  145501 /var/lib/chroot/named/lib/ld-linux.so.2
> named   23433 named  mem   REG       8,22 1145456  145500 /var/lib/chroot/named/lib/libc.so.6
> named   23433 named  mem   REG       8,22   32664  146115 /var/lib/chroot/named/lib/libnss_files.so.2
> named   23433 named    0u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   23433 named    1u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   23433 named    2u  CHR        1,3          145480 /var/lib/chroot/named/dev/null
> named   23433 named    3u unix 0xef055a80         5239772 socket
> named   23433 named    4u IPv4                    5239784 UDP *:32942
> named   23433 named    5u unix 0xeee6d140         5239774 /var/run/ndc
> named   23433 named   20u IPv4                    5239778 UDP localhost:domain
> named   23433 named   21u IPv4                    5239779 TCP localhost:domain (LISTEN)
>
> Look at the difference in the libraries. As I can see, when I start named
> as stated in the script, the libraries in the chrooted environment are
> not used....
>
> Am I wrong here?

Wrong in assuming that named's dynamic libraries are linked in after named has chrooted? Yes. Dynamic linking *must* take place before the program gets control, or how could it use a library function otherwise?

You may need the libraries in the jail if named runs external programs. AFAIR, named versions 4 and 8 do that, version 9 doesn't.

HTH,
Lupe Christoph
-- 
| [EMAIL PROTECTED] | http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be |
| unsinkable. The designer had a speech impediment. He said: "I have |
| thith great unthinkable conthept ..." |
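The two lsof listings above are the whole story: the `txt` (program image) and `mem` (mapped shared library) entries are resolved by the dynamic linker before `main()` runs, so with `-t` they come from the host filesystem and with `start-stop-daemon --chroot` they come from the jail. The following check turns that eyeballing into a script. It is an added example and not part of the thread; the function names are mine, it assumes lsof output in the column layout pasted above, and the sample lines are constructed from the two listings in the question.

```sh
#!/bin/sh
# Added example (not from the thread): report txt/mem mappings of a process
# that were resolved OUTSIDE a chroot jail.
#
# Reads lsof(8) output on stdin. Only the "txt" (program image) and "mem"
# (mapped files, i.e. shared libraries) rows matter: they are mapped by the
# dynamic linker before the program gets control, so a NAME that does not
# start with the jail root was loaded from the host filesystem.
#
# Usage:  lsof -p "$pid" | jail_mapped_outside /var/lib/chroot/named
# Output: one "<fd>\t<path>" line per mapping outside the jail.
# Exit:   0 if every txt/mem mapping is inside the jail, 1 otherwise.
jail_mapped_outside() {
    jail=${1%/}     # drop a trailing slash so the prefix test is exact
    awk -v jail="$jail" '
        $1 == "COMMAND" { next }                 # lsof header line
        $4 == "txt" || $4 == "mem" {
            name = $NF
            if (name == "(deleted)") name = $(NF - 1)
            # inside the jail iff path is the jail root or begins with "<jail>/"
            if (name != jail && index(name, jail "/") != 1) {
                print $4 "\t" name
                bad++
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed samples (hypothetical, cut down from the two listings in the
# question): named started with "-t", versus started under
# "start-stop-daemon --chroot".
SAMPLE_T='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 22119 named txt REG 8,6 512088 130880 /usr/sbin/named
named 22119 named mem REG 8,5 82503 30185 /lib/ld-2.2.5.so
named 22119 named mem REG 8,5 1145456 30223 /lib/libc-2.2.5.so
named 22119 named 0u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 22119 named 21u IPv4 5375681 TCP localhost:domain (LISTEN)'

SAMPLE_CHROOT='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 23433 named txt REG 8,22 512088 145502 /var/lib/chroot/named/usr/sbin/named
named 23433 named mem REG 8,22 82503 145501 /var/lib/chroot/named/lib/ld-linux.so.2
named 23433 named mem REG 8,22 1145456 145500 /var/lib/chroot/named/lib/libc.so.6
named 23433 named 0u CHR 1,3 145480 /var/lib/chroot/named/dev/null'

# When run directly as "<script> <pid> <jail>", check the live process.
if [ $# -eq 2 ]; then
    lsof -p "$1" | jail_mapped_outside "$2"
fi
```

Running the samples through the function shows the difference the poster saw: the `-t` listing yields three host paths (`/usr/sbin/named`, `/lib/ld-2.2.5.so`, `/lib/libc-2.2.5.so`) and exit status 1, the `--chroot` listing yields nothing and exit status 0. Note that a clean result only proves the linker found its libraries inside the jail; it says nothing about programs named may exec later, which is the separate point made in the reply.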