BIND 9 in a chroot environment
Peter Clark
pclark at pclark.com
Sat Mar 10 17:43:32 MST 2012
On Mar 10, 2012, at 7:39 PM, Pavel Herrmann <morpheus.ibis at gmail.com> wrote:
> On Saturday 10 of March 2012 19:18:14 Peter Clark wrote:
>> Hi,
>>
>>
>>
>> I'm running Fedora 16 and as with Fedora for quite a while it runs BIND in a
>> chroot environment. I'm curious if there's any new documentation or
>> suggestions on how to configure this properly? It seems that the libraries
>> dlz_bind9.so requires aren't available to it in a chroot environment:
>>
>>
>>
>> Mar 10 19:04:41 c3po named[13784]: dlz_dlopen failed to open library
>> '/usr/local/samba/lib/bind9/dlz_bind9.so' - libpopt.so.0: cannot open shared
>> object file: No such file or directory
>>
>>
>>
>> Libpopt.so.0 is in /lib64. Mounting /lib64 into /var/named/chroot/lib64
>> makes this problem go away but I'm sure there's a more elegant solution than
>> mounting a whole bunch of system directories into the chroot jail?
>>
>>
>>
>> Thanks in advance,
>>
>>
>>
>> Peter
>
> Hi,
>
> Have you tried (hard)linking/copying only the required libs? I imagine there
> would be no other way - isolation is the point of chroot jail
>
> Pavel
I started going down that road but after a number of files copied or linked into the jail I gave up.
Is there a way to compile this as a static object instead of shared? That way it wouldn't need to go outside the jail.
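
The approach Pavel suggests (placing only the required libraries in the jail) can be scripted from `ldd` output instead of done file by file. The following is an added example, not part of the original thread; the function names and the sample `ldd` output are constructed for illustration, and it assumes the jail mirrors the host's library paths (for example `/var/named/chroot/lib64`).

```shell
#!/bin/sh
# Added example: put only the libraries a module needs into a chroot jail.
# Usage (as root): sh jail-libs.sh /path/to/module.so /path/to/jail

# Read `ldd` output on stdin, print absolute paths of resolved libraries.
# Handles "name => /path (0x...)" and the loader line "/path (0x...)";
# skips linux-vdso (no backing file) and "not found" entries.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Read library paths on stdin, print those not yet present under the jail.
missing_in_jail() {
    jail=$1
    while IFS= read -r lib; do
        [ -e "$jail$lib" ] || printf '%s\n' "$lib"
    done
}

# Read library paths on stdin, copy each to the same path under the jail.
# -L dereferences symlinks so the jail holds a real file, not a dangling link.
copy_into_jail() {
    jail=$1
    while IFS= read -r lib; do
        mkdir -p "$jail$(dirname "$lib")"
        cp -pL "$lib" "$jail$lib"
    done
}

# Constructed sample of ldd output, for trying ldd_paths without a real module.
SAMPLE_LDD='	linux-vdso.so.1 =>  (0x00007fff5a1ff000)
	libpopt.so.0 => /lib64/libpopt.so.0 (0x00007f1c2a400000)
	libc.so.6 => /lib64/libc.so.6 (0x00007f1c2a000000)
	libexample.so.1 => not found
	/lib64/ld-linux-x86-64.so.2 (0x00007f1c2a800000)'

# With two arguments, do the real work: module path, then jail root.
if [ "$#" -eq 2 ]; then
    ldd "$1" | ldd_paths | missing_in_jail "$2" | copy_into_jail "$2"
fi
```

Copies inside the jail are not touched by package updates, so the script has to be re-run after the host libraries are patched; otherwise named keeps loading the old versions.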