[Linux-disciples] chrooting bind9
Stephen R Laniel
steve at laniels.org
Mon Nov 14 16:28:14 EST 2005
On Mon, Oct 24, 2005 at 05:09:25PM -0400, Adam Rosi-Kessel wrote:
> So my guess is that BIND and its ilk is very easy to run chrooted because
> it's much more self-contained than Apache, so it is an easy recommendation
> to follow, and thus more standard.
I can't imagine that it's actually this much of a process to
chroot bind, is it?
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt
Every time I upgrade bind, I'll have to go through most of
that process again -- find the libraries it depends on, copy
them over, etc. There's an easier way, isn't there? I've
never chroot'ed anything, so maybe I'm wrong.
For what it's worth, this command will copy all the
libraries into the appropriate subtree within the jail:
for i in $(ldd /usr/sbin/named |grep -o '/[^ ]\+'); do sudo cp $i $(echo $i |sed 's#^/##'); done
--
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20051114/531cd7fe/attachment.pgp
More information about the Linux-disciples
mailing list