I'm replying to debian-user since this is the only relevant list from those you sent this message to. Please try to avoid sending to more than one list. I'm NOT on the debian-user list. I got your message through debian-isp.
On Tue, July 14 1998, cfb <[EMAIL PROTECTED]> wrote:

|The main problem seems to be with the way that debian starts bind using
|the script /etc/init.d/bind. I thought it would be really neat to just
|change the #!/bin/sh at the top of the script to something like :
| #!/usr/sbin/chroot /chroot-dns/ /bin/sh
|or
| #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh
|but I was getting various errors like "can't change root to

The #! syntax is parsed by the kernel and limits you to a single argument. It used to also limit the length of the line a lot (like 30 bytes or so) but I trust Linux to lift that limitation.

|Ok, so I figured that some obscure niche problem with shell invocation
|or usage was preventing this from working; so, I focused my attention on
|the start-stop-daemon utility used in the script. Initially, I tried
|chrooting the start-stop-daemon utility itself, but that failed. I then

How did this fail? Did you update the paths to reflect the fact that '/' under chroot means '/chroot-dns/'?

|realized that it would be better to --exec /usr/sbin/chroot rather than
|attempt to chroot the start-stop-daemon.

From the manual of start-stop-daemon it looks like --exec checks for running processes. It does this by accessing /proc but since you already chroot'ed the process it won't be able to do that. So you should probably chroot the program start-stop-daemon executes.

|The main problem with this is that start-stop-daemon would never return
|from its --exec /usr/sbin/chroot, effectively hanging up the script at
|that point. All of this was being done remotely, and I made the mistake
|of rebooting the box with this script in place. I have to stop by the
|remote site and fix/reboot the box in person.
|
|Anyone with any clues on how to easily and effectively chroot bind under
|debian?
|Worst case, I will rewrite the /etc/init.d/bind script to use
|something other than start-stop-daemon, but I'd really like to stick
|with the mood and tone set /etc/init.d

It's not a tested solution but here is something:

Write a script which contains just:

#!/bin/sh --
exec /usr/sbin/chroot /var/chroot/bind /bind

Call this script something like /usr/local/sbin/chroot-bind (make it executable) and *run* it using start-stop-daemon instead of the binary directly.

The *stop* clause should stay the same except that the pid file should be something like /chroot-dns/var/run/named.pid unless you find a way to specify another file name in named.conf (I don't have the Debian bind-doc package installed so I can't look for it now)

You'll have to create the directory hierarchy under /chroot-dns/: /var/named, /etc, /var/run/, /var/tmp and maybe update /chroot-dns/etc/named.conf

And learn UNIX. You were banging your head against known UNIX behaviour and documented Debian utilities.

--Amos

--Amos Shapira                | "Of course Australia was marked for
133 Shlomo Ben-Yosef st.      | glory, for its people had been chosen
Jerusalem 93 805              | by the finest judges in England."
ISRAEL [EMAIL PROTECTED]      |                        -- Anonymous
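The recipe in the reply above (a wrapper that execs chroot, run by start-stop-daemon, with the pid file read from inside the jail), as an added worked example; this is not code from the thread or from the Debian bind package. It assumes the jail lives at /chroot-dns, that named is installed inside the jail as /usr/sbin/named, and that the wrapper goes to /usr/local/sbin/chroot-bind; all three are assumptions and can be changed through the function arguments. The functions only create directories and write files, so they can be tried under a scratch directory as a non-root user; the start-stop-daemon lines are printed, not executed.

```shell
#!/bin/sh
# Added example, not from the original thread. Paths are assumptions:
# jail at /chroot-dns, named inside the jail at /usr/sbin/named,
# wrapper at /usr/local/sbin/chroot-bind.

# Create the directory tree the reply lists, rooted at $1.
# Under the jail, "/" means "$1/", so every path named must exist below it.
make_chroot_tree() {
    root=$1
    for d in etc var/named var/run var/tmp usr/sbin; do
        mkdir -p "$root/$d" || return 1
    done
    # /var/tmp inside the jail needs the usual sticky world-writable mode
    chmod 1777 "$root/var/tmp" || return 1
    return 0
}

# Write the wrapper script: exec chroot into $2, then run $3 as seen from
# inside the jail. start-stop-daemon gets a real executable to run, and
# the chroot happens in the child, not in start-stop-daemon itself.
write_wrapper() {
    wrapper=$1; root=$2; daemon=$3
    cat > "$wrapper" <<EOF
#!/bin/sh --
# exec so the shell is replaced, and the daemon's pid is the one chroot forks
exec /usr/sbin/chroot $root $daemon
EOF
    chmod 755 "$wrapper"
}

# Print the start/stop clauses for /etc/init.d/bind. The pid file is
# resolved through the jail root because named writes it relative to its
# own "/". --exec on the wrapper would not match the running named (after
# the exec the process image is named, not the wrapper), so both clauses
# rely on --pidfile to find an already-running instance.
initd_snippet() {
    root=$1; wrapper=$2
    pidfile=$root/var/run/named.pid
    cat <<EOF
  start)
    start-stop-daemon --start --quiet --pidfile $pidfile --exec $wrapper
    ;;
  stop)
    start-stop-daemon --stop --quiet --pidfile $pidfile
    ;;
EOF
}

# Usage: chroot-bind-setup.sh /chroot-dns /usr/local/sbin/chroot-bind
# (run as root for the real paths; any scratch directory works for a dry run)
main() {
    root=$1; wrapper=$2
    make_chroot_tree "$root" || exit 1
    write_wrapper "$wrapper" "$root" /usr/sbin/named || exit 1
    echo "Now copy named and its libraries under $root and edit $root/etc/named.conf."
    echo "Replace the start/stop clauses in /etc/init.d/bind with:"
    initd_snippet "$root" "$wrapper"
}

if [ $# -eq 2 ]; then
    main "$@"
fi
```

The one check worth doing before rebooting a remote box with this in place is a manual `start-stop-daemon --start ... --exec /usr/local/sbin/chroot-bind` from a shell, followed by confirming that the pid in /chroot-dns/var/run/named.pid is alive; if named cannot find its libraries or named.conf inside the jail it will exit at once and the stop clause will have nothing to kill.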