Hi,

I have a question about chrooting bind 8.3.3. I have used the setup as described in http://people.debian.org/~pzn/howto/chroot-bind.sh.txt ... but when I then start bind everything looks right, but when I do a lsof -p <pid of named> I see:

command to start bind:

start-stop-daemon --start --quiet --exec /usr/sbin/named -- -u named -g named -t /var/lib/chroot/named/

# lsof -p 22119
COMMAND   PID USER  FD   TYPE     DEVICE    SIZE    NODE NAME
named   22119 named cwd  DIR        8,22    4096  145479 /var/lib/chroot/named/var/cache/bind
named   22119 named rtd  DIR        8,22    4096  145467 /var/lib/chroot/named
named   22119 named txt  REG         8,6  512088  130880 /usr/sbin/named
named   22119 named mem  REG         8,5   82503   30185 /lib/ld-2.2.5.so
named   22119 named mem  REG         8,5 1145456   30223 /lib/libc-2.2.5.so
named   22119 named mem  REG         8,5   32664   30232 /lib/libnss_files-2.2.5.so
named   22119 named 0u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   22119 named 1u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   22119 named 2u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   22119 named 3u   unix 0xe1086560         5375674 socket
named   22119 named 4u   IPv4    5375686             UDP *:32943
named   22119 named 5u   unix 0xd9d1ec40         5375676 /var/run/ndc
named   22119 named 20u  IPv4    5375680             UDP localhost:domain
named   22119 named 21u  IPv4    5375681             TCP localhost:domain (LISTEN)

and when I change the command to start bind to:

start-stop-daemon --chroot /var/lib/chroot/named/ --start --pidfile /var/run/named.pid --exec /usr/sbin/named -- -u named -g named

I see:

# lsof -p 23433
COMMAND   PID USER  FD   TYPE     DEVICE    SIZE    NODE NAME
named   23433 named cwd  DIR        8,22    4096  145479 /var/lib/chroot/named/var/cache/bind
named   23433 named rtd  DIR        8,22    4096  145467 /var/lib/chroot/named
named   23433 named txt  REG        8,22  512088  145502 /var/lib/chroot/named/usr/sbin/named
named   23433 named mem  REG        8,22   82503  145501 /var/lib/chroot/named/lib/ld-linux.so.2
named   23433 named mem  REG        8,22 1145456  145500 /var/lib/chroot/named/lib/libc.so.6
named   23433 named mem  REG        8,22   32664  146115 /var/lib/chroot/named/lib/libnss_files.so.2
named   23433 named 0u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   23433 named 1u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   23433 named 2u   CHR         1,3          145480 /var/lib/chroot/named/dev/null
named   23433 named 3u   unix 0xef055a80         5239772 socket
named   23433 named 4u   IPv4    5239784             UDP *:32942
named   23433 named 5u   unix 0xeee6d140         5239774 /var/run/ndc
named   23433 named 20u  IPv4    5239778             UDP localhost:domain
named   23433 named 21u  IPv4    5239779             TCP localhost:domain (LISTEN)

Look at the difference in the libraries: as I can see, when I start named as stated in the script, the libraries in the chrooted environment are not used.... Am I wrong here?

--
J.J. van Gorkum Knowledge Zone
--
If UNIX isn't the solution, you've got the wrong problem.
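
Added example, not part of the original message: a Python check that automates the comparison made above by eye. It takes the process root from the `rtd` row of `lsof -p` output and lists the `txt`/`mem` files that live outside it; the sample listings are abridged from the message, and the function and variable names are hypothetical.

```python
import posixpath

# Constructed samples: abridged from the two lsof listings in the message above.
STARTED_WITH_NAMED_T = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 22119 named cwd DIR 8,22 4096 145479 /var/lib/chroot/named/var/cache/bind
named 22119 named rtd DIR 8,22 4096 145467 /var/lib/chroot/named
named 22119 named txt REG 8,6 512088 130880 /usr/sbin/named
named 22119 named mem REG 8,5 82503 30185 /lib/ld-2.2.5.so
named 22119 named mem REG 8,5 1145456 30223 /lib/libc-2.2.5.so
named 22119 named 0u CHR 1,3 145480 /var/lib/chroot/named/dev/null
named 22119 named 3u unix 0xe1086560 5375674 socket
"""
STARTED_WITH_SSD_CHROOT = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
named 23433 named rtd DIR 8,22 4096 145467 /var/lib/chroot/named
named 23433 named txt REG 8,22 512088 145502 /var/lib/chroot/named/usr/sbin/named
named 23433 named mem REG 8,22 82503 145501 /var/lib/chroot/named/lib/ld-linux.so.2
named 23433 named mem REG 8,22 1145456 145500 /var/lib/chroot/named/lib/libc.so.6
"""


def is_under(path, root):
    """True if path is root itself or below it; a root of "/" contains everything."""
    root, path = posixpath.normpath(root), posixpath.normpath(path)
    return root == "/" or path == root or path.startswith(root + "/")


def mappings_outside_root(lsof_text):
    """Return (root, [(fd, path), ...]) for txt/mem files outside the rtd directory."""
    root, mapped = None, []
    for line in lsof_text.splitlines():
        parts = line.split(None, 8)
        # Rows without a SIZE column (CHR, unix, IPv4) have fewer than 9 fields.
        if len(parts) < 9 or parts[0] == "COMMAND":
            continue
        fd, ftype, name = parts[3], parts[4], parts[8]
        if fd == "rtd" and ftype == "DIR":
            root = name
        elif fd in ("txt", "mem") and ftype == "REG":
            mapped.append((fd, name))
    if root is None:
        raise ValueError("no rtd row in lsof output")
    return root, [(fd, p) for fd, p in mapped if not is_under(p, root)]


if __name__ == "__main__":
    for label, text in (("named -t", STARTED_WITH_NAMED_T),
                        ("start-stop-daemon --chroot", STARTED_WITH_SSD_CHROOT)):
        root, outside = mappings_outside_root(text)
        print(label, "root:", root, "outside:", outside or "none")
```

A non-empty list means the binary or libraries were opened before the process changed its root directory, so the copies inside the jail are not the ones mapped; an empty list means every mapped file came from inside the root.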