Hi,

Is it just me, or is the way the whole bind/named chroot is done in RHEL6 now real ugly and messy?

The init script checks a whole bunch of stuff and uses "mount --bind" all over the place to make various files and directories available under the /var/named/chroot/ tree. After a simple bind-chroot install and "service named start":

# cat /etc/mtab
/dev/vda1 / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw,rootcontext="system_u:object_r:tmpfs_t:s0" 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
/etc/named /var/named/chroot/etc/named none rw,bind 0 0
/var/named /var/named/chroot/var/named none rw,bind 0 0
/etc/named.conf /var/named/chroot/etc/named.conf none rw,bind 0 0
/etc/named.rfc1912.zones /var/named/chroot/etc/named.rfc1912.zones none rw,bind 0 0
/etc/rndc.key /var/named/chroot/etc/rndc.key none rw,bind 0 0
/usr/lib64/bind /var/named/chroot/usr/lib64/bind none rw,bind 0 0
/etc/named.iscdlv.key /var/named/chroot/etc/named.iscdlv.key none rw,bind 0 0

Yuck! Maybe it works with all of the defaults, but when changing things slightly (file locations, directories used), it gets very fragile. Not to mention that by default you get this utterly confusing empty path as a side-effect of mounting /var/named on a sub-directory of itself:

/var/named/chroot/var/named/chroot/var/named

Sorry for the rant. I think I'll now consider not using the chroot feature anymore since my DNS servers have the DNS service as their only service and selinux in enforcing mode. I'll also use this as an excuse to have another look around at other DNS daemons: 'tis the season to be switchy!

Matthias

--
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 14 (Laughlin) - Linux kernel 2.6.35.6-48.fc14.x86_64
Load : 0.01 0.14 0.50

_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
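As an added illustration (not from the post or from the RHEL init script), the two checks below read an mtab-format listing and report, first, every bind mount that the named init script placed under the chroot, and second, any bind mount whose target sits inside its own source directory, which is exactly the /var/named onto /var/named/chroot/var/named case that produces the empty nested path described above. The mtab excerpt is constructed to match the format quoted in the post; on a real host you would pass the contents of /etc/mtab or /proc/mounts instead.

```shell
# Constructed mtab excerpt in the same layout as the one quoted above.
MTAB='/dev/vda1 / ext4 rw 0 0
proc /proc proc rw 0 0
/etc/named /var/named/chroot/etc/named none rw,bind 0 0
/var/named /var/named/chroot/var/named none rw,bind 0 0
/etc/named.conf /var/named/chroot/etc/named.conf none rw,bind 0 0
/usr/lib64/bind /var/named/chroot/usr/lib64/bind none rw,bind 0 0'

# chroot_binds MTAB_TEXT CHROOT_ROOT
# Prints "source target" for every mount carrying the "bind" option whose
# target lies below CHROOT_ROOT, i.e. what the init script made visible
# inside the chroot tree.
chroot_binds() {
    printf '%s\n' "$1" | awk -v root="$2" '
        $4 ~ /(^|,)bind(,|$)/ && index($2, root "/") == 1 { print $1, $2 }'
}

# nested_binds MTAB_TEXT
# Prints "source target" for bind mounts whose target is a sub-directory of
# their own source. Such a mount makes the source directory reappear under
# itself (/var/named/chroot/var/named/chroot/var/named in the post), which
# is a sign the chroot layout overlaps the live directory tree.
nested_binds() {
    printf '%s\n' "$1" | awk '
        $4 ~ /(^|,)bind(,|$)/ && index($2, $1 "/") == 1 { print $1, $2 }'
}

# Stand-alone run against the constructed listing.
echo "bind mounts under /var/named/chroot:"
chroot_binds "$MTAB" /var/named/chroot
echo "bind mounts nested inside their own source:"
nested_binds "$MTAB"
```

To audit a live RHEL6 box, replace the constructed listing with `chroot_binds "$(cat /etc/mtab)" /var/named/chroot`; the functions only parse text, so they never touch the mounts themselves.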
