------------------------------

Message: 23
Date: Fri, 28 Apr 2006 19:36:22 -0600
From: "Chad Leigh -- Shire.Net LLC" <[EMAIL PROTECTED]>
Subject: Re: BIND inside a jail on FreeBSD 6.0
To: patrick <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed


On Apr 28, 2006, at 6:57 PM, patrick wrote:

I'm trying to run BIND inside a jail on FreeBSD 6.0, and I'm
encountering the following problem:

[EMAIL PROTECTED] /var/named]# /etc/rc.d/named start
mount_devfs: Operation not permitted
/etc/rc.d/named: WARNING: devfs_domount(): Unable to mount devfs on
/var/named/dev
devfs rule: ioctl DEVFSIO_RAPPLY: Operation not permitted
devfs rule: ioctl DEVFSIO_RAPPLY: Operation not permitted
Starting named.

And then it doesn't start...

(I realize that BIND already runs in a chroot'd environment, but I'm
running a second copy of BIND on an existing development server as a
secondary test environment.)

The problem looks like it originates in /etc/rc.d/named:

       # Mount a devfs in the chroot directory if needed
       #
       umount ${named_chrootdir}/dev 2>/dev/null
       devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
       devfs -m ${named_chrootdir}/dev rule apply path null unhide
       devfs -m ${named_chrootdir}/dev rule apply path random unhide

I tried mounting the devfs outside the jail to the jail's
/var/named/dev, and then commenting out these lines above, but named
will still not start. Does anyone have any suggestions?

BIND is trying to set up a chroot(8) before it starts. If you're
already inside a jail, then IMHO it is a little overkill (i.e. running
BIND in a chroot inside a jail).

Check the BIND related values in rc.conf(5). The chroot(8) startup is
triggered via this one:

named_chrootdir="/var/named"    # Chroot directory (or "" not to auto-chroot it)

So try setting it to

named_chrootdir=""

and it should disable the chroot code from the startup script.

Of course, if you still need to chroot(8) your named(8) install inside
your jail, then you're at the same point. Consider running another
jail perhaps? Or use BIND's view feature.

Hope this helps,

David


Thanks,

Patrick
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-
[EMAIL PROTECTED]"

--
David Robillard
UNIX systems administrator, CISSP
Montreal: +1 514 966 0122
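
The check below is an added example, not part of the original thread or of FreeBSD's rc scripts. It reads rc.conf-style files in order and reports whether the named startup would reach the devfs mount that the jail refuses. The function names, the sample file names and passing the jailed state as an argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: predicts whether /etc/rc.d/named will try
# the devfs mount that a jail refuses ("mount_devfs: Operation not permitted").

# effective_chrootdir FILE...
# Print the final named_chrootdir after reading the files in order, later
# files overriding earlier ones. Assumption: each file holds plain sh
# variable assignments, as rc.conf(5) files do. Paths must contain a slash.
effective_chrootdir() {
    (
        named_chrootdir=""
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        printf '%s\n' "$named_chrootdir"
    )
}

# named_devfs_check JAILED FILE...
# JAILED is 1 inside a jail, 0 otherwise; the caller supplies it (on FreeBSD,
# for example, from: sysctl -n security.jail.jailed).
# Returns 0 if named startup should get past the devfs step, 1 if not.
named_devfs_check() {
    jailed=$1
    shift
    dir=$(effective_chrootdir "$@")
    if [ -z "$dir" ]; then
        echo "ok: named_chrootdir is empty, the startup script will not auto-chroot"
        return 0
    fi
    if [ "$jailed" = "1" ]; then
        echo "fail: jailed with named_chrootdir=$dir, devfs mount on $dir/dev is not permitted"
        return 1
    fi
    echo "ok: not jailed, the devfs mount on $dir/dev is not blocked by a jail"
    return 0
}

# Constructed sample input: the default quoted in the thread, then the override.
tmp=$(mktemp -d)
printf 'named_chrootdir="/var/named"\n' > "$tmp/defaults.conf"
printf 'named_chrootdir=""\n' > "$tmp/jail.conf"
named_devfs_check 1 "$tmp/defaults.conf" || true
named_devfs_check 1 "$tmp/defaults.conf" "$tmp/jail.conf"
rm -rf "$tmp"
```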