RE: Building from source and running in chroot environment

2013-03-14 Thread Spain, Dr. Jeffry A.
> Are there relatively recent instructions on how to build BIND from source and 
> run it in a chroot environment? It sounds obvious but everything I've come 
> across assumes BIND is provided by some package manager or included with the 
> operating system. I'd like to build the latest version of BIND and run it in 
> a chroot environment.  I know you have to pre-populate the chroot directories 
> but am not entirely clear on everything that's needed.

FWIW, I've been running BIND on Ubuntu, which uses AppArmor 
(https://help.ubuntu.com/12.10/serverguide/apparmor.html) to control file 
access by applications and services. I'm not able to argue the relative merits 
of chroot vs. AppArmor vs. other alternatives such as SELinux and SMACK. But 
stipulating for the moment that AppArmor is a reasonable alternative, it is 
fairly easy to use it with BIND 9 built from source. I start by installing the 
current packaged version of BIND on a snapshotted Ubuntu virtual machine that I 
can subsequently roll back. I save the files /etc/apparmor.d/usr.sbin.named and 
/etc/apparmor.d/local/usr.sbin.named, which I then place in my 
built-from-source BIND 9 installation. For this to work without modifying the 
file usr.sbin.named, I use in my build the same ancillary directories that the 
Ubuntu package uses: /etc/bind for configuration files, /var/lib/bind for 
master zone data and DNSSEC keys, and /var/cache/bind for secondary zone data. 
Otherwise you can modify the file usr.sbin.named, which you should examine in conjunction 
with the AppArmor documentation for the details. You can deconstruct the Ubuntu 
bind9 source package (http://packages.ubuntu.com/quantal/bind9) to see 
everything else that the package installer does to set up BIND 9. Note that 
Ubuntu 13.04 (Raring Ringtail), due to be released in late April, will be the 
first Ubuntu version to include a packaged BIND 9.9.x.

Jeffry A. Spain, Network Administrator
Cincinnati Country Day School
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
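
As an added example (not from the original post or from the Ubuntu package), this Python sketch checks whether the paths a source-built named uses are covered by an AppArmor profile's file rules, which is the condition the message above gives for reusing usr.sbin.named unmodified. The profile text is a constructed sample, the glob handling is a simplification of AppArmor's, and all function names are hypothetical.

```python
import re

# Constructed sample in AppArmor profile syntax; not the real Ubuntu usr.sbin.named.
SAMPLE_PROFILE = """\
/usr/sbin/named {
  /etc/bind/** r,
  /var/lib/bind/ rw,
  /var/lib/bind/** rw,
  /var/cache/bind/ rw,
  /var/cache/bind/** lrw,
  /{,var/}run/named/named.pid w,
}
"""

def glob_to_regex(glob):
    """Simplified AppArmor globbing: * and ? stop at '/', ** crosses it, {a,b} alternates."""
    out, i, depth = "", 0, 0
    while i < len(glob):
        c, after_slash = glob[i], glob[i - 1:i] == "/"
        if glob.startswith("**", i):
            # After '/', ** needs at least one character, so "/dir/**" does not cover "/dir/".
            out += "[^/].*" if after_slash else ".*"
            i += 1
        elif c == "*":
            whole = after_slash and glob[i + 1:i + 2] in ("", "/")
            out += "[^/]+" if whole else "[^/]*"
        elif c == "?":
            out += "[^/]"
        elif c in "{}," and (depth or c == "{"):
            out += {"{": "(?:", "}": ")", ",": "|"}[c]
            depth += {"{": 1, "}": -1, ",": 0}[c]
        else:
            out += re.escape(c)
        i += 1
    return re.compile(out + r"\Z")

def parse_rules(profile_text):
    """(regex, perms) for each plain allow file rule; deny, owner and non-file rules are skipped."""
    rule = re.compile(r"\s*(/\S*)\s+([rwalkmixPpCcUu]+),\s*$")
    return [(glob_to_regex(m.group(1)), set(m.group(2)))
            for m in map(rule.match, profile_text.splitlines()) if m]

def missing_perms(rules, needs):
    """needs maps path -> wanted perms; returns path -> perms no matching rule grants."""
    gaps = {}
    for path, want in needs.items():
        lack = set(want) - set().union(*(p for rx, p in rules if rx.match(path)))
        if lack:
            gaps[path] = "".join(sorted(lack))
    return gaps
```

Run `missing_perms(parse_rules(open("/etc/apparmor.d/usr.sbin.named").read()), {...})` with the paths from your own named.conf; any path it returns needs either a matching build directory or an added rule in the local profile.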


Re: Building from source and running in chroot environment

2013-03-13 Thread /dev/rob0
On Wed, Mar 13, 2013 at 08:24:18AM -0700, Spumonti Spumonti wrote:
> Are there relatively recent instructions on how to build BIND from 
> source and run it in a chroot environment? It sounds obvious but 
> everything I've come across assumes BIND is provided by some 
> package manager or included with the operating system. I'd like to 
> build the latest version of BIND and run it in a chroot 
> environment.  I know you have to pre-populate the chroot 
> directories but am not entirely clear on everything that's needed.

Your BIND source package came with the BIND 9 ARM. See chapter 7 
thereof, which covers this.

Bv9ARM.ch07.html#id2603962
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject: