Re: named chroot rcNG devfs

2003-02-16 Thread Alexander Leidinger
On Sun, 16 Feb 2003 03:09:46 +0100
[EMAIL PROTECTED] wrote:

> > > On the other hand shared libraries are needed (or a port that
> > > supports linking bind statically...)
> >
> > cd /usr/ports/net/bind[89]
> > make clean
> > make CFLAGS+=-static -DPORT_REPLACES_BASE_BIND8
> > make install
> >
>
> i don't like ports installing to locations of base system binaries,
> i.e. /usr/sbin etc., and in the case of bind i don't see a reason
> why the port should be installed in place of the base bind only to
> get copied over to the chroot. wouldn't it be fine if the bind ports
> would support '-DPORT_INSTALL_CHROOT' or something only installing
> static binaries directly to the chroot? on the other hand

Or something:
copy the needed files (named, named-xfer) based upon
echo $(dirname ${named_program}) | sed -e 's:/sbin::'

> /etc/rc.d/named probably should also support running chrooted with
> the base bind which would either require copying the required libs
> or a statically linked base bind...
> well, i'm looking forward to your improved version.

# Copy every shared library ldd(1) reports for ${program} into the chroot,
# skipping the first line of ldd output (the program name itself).
lines=$(($(ldd "${program}" | wc -l) - 1))
for lib in $(ldd "${program}" | tail -n "${lines}" | sed -e 's:.*= ::g;s: (.*::g'); do
	mkdir -p "${named_chrootdir}$(dirname "${lib}")"   # destination assumed: same path below the chroot
	cp "${lib}" "${named_chrootdir}${lib}"
done


I also think we should have a look at the output of rcNG in general and
decide which style we want to use. At the moment we have the old style
Configuring syscons: fontX Y Z foo bar and also Starting sshd., Starting
lpd., ... and also /usr/local/etc/rc.d with the old style start
messages. This is inconsistent.

Bye,
Alexander.

-- 
   It's not a bug, it's tradition!

http://www.Leidinger.net   Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message



Re: named chroot rcNG devfs

2003-02-16 Thread Alexander Leidinger
On Fri, 14 Feb 2003 09:31:57 -0800
Gordon Tetlow [EMAIL PROTECTED] wrote:

> On Tue, Feb 11, 2003 at 06:59:31PM +0100, Alexander Leidinger wrote:
> > Hi,
> >
> > /etc/rc.d/named copies /dev with pax to the named chroot directory. This
> > is obviously wrong with devfs, isn't it?
>
> You should read the script a little closer. That code path is only taken
> on NetBSD.

---snip---
case ${OSTYPE} in
FreeBSD)
	! checkyesno named_rcng && return 0
	# Is the user using a sandbox?
	if [ -z "$named_chrootdir" ]; then
		rc_flags="-u $nuser -g $ngroup $rc_flags"
		return 0
	fi

	# Do the following checks only if the user wants them done
	checkyesno named_chroot_autoupdate && chroot_autoupdate
	;;
---snip---

I read this as:
  If there's a non null named_chrootdir, then check if we want the
  autoupdate, else just run with user/group.

BTW.: What does a '!' as the first character of a command in a /bin/sh
script mean (I know what it means in zsh/tcsh/bash when used
interactively, but the above use of it is unknown to me)?

Bye,
Alexander.

-- 
Yes, I've heard of decaf. What's your point?

http://www.Leidinger.net   Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7

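A self-contained sh version of the two pieces discussed in this message and the one above it, added here as an example and not code from the thread or from FreeBSD's rc.d/named: Alexander's ldd(1) loop turned into functions that parse ldd output and copy the files below a chroot, plus a stand-in checkyesno that shows what `! checkyesno var && return 0` does. The chroot layout (same path below the chroot), the constructed ldd output and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread: copy a binary and the shared
# libraries ldd(1) lists for it into a chroot, in the spirit of Alexander's
# loop, gated with the "! checkyesno ..." idiom from rc.d/named. Files
# are assumed to land at the same path below the chroot.

# Minimal stand-in for rc.subr's checkyesno: true for yes/true/on/1.
checkyesno() {
	eval _v=\$$1
	case "$_v" in
	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
	*) return 1 ;;
	esac
}

# Constructed FreeBSD 4.x-style ldd output, so the parser runs offline.
sample_ldd_output() {
	printf '%s\n' '/usr/sbin/named:' \
		'  libc.so.4 => /usr/lib/libc.so.4 (0x2808a000)' \
		'  libm.so.2 => /usr/lib/libm.so.2 (0x28100000)' \
		'  libutil.so.3 => /usr/lib/libutil.so.3 (0x28120000)'
}

# ldd output on stdin -> one library path per line: drop the first line
# (the program's own name), keep the text between "=> " and the address.
# Note ld-elf.so.1 never appears here and must be copied separately.
libs_from_ldd() {
	sed -e '1d' -e 's/.*=> *//' -e 's/ (.*//' -e '/^$/d'
}

# Copy each path read from stdin to the same path below $1, creating the
# directory tree as needed; fail on the first missing source file.
copy_into_chroot() {
	_root=$1
	while read -r _f; do
		[ -f "$_f" ] || { echo "missing: $_f" >&2; return 1; }
		mkdir -p "$_root$(dirname "$_f")" || return 1
		cp "$_f" "$_root$_f" || return 1
	done
}

# populate_chroot CHROOTDIR PROGRAM [yes|no]: "! checkyesno gate && return 0"
# reads as "unless the knob is on, return success without doing anything",
# exactly as rc.d/named skips its chroot handling when named_rcng is off.
populate_chroot() {
	chrootdir=$1 program=$2 gate=${3:-yes}
	! checkyesno gate && return 0
	{ echo "$program"; ldd "$program" | libs_from_ldd; } | copy_into_chroot "$chrootdir"
}
```

On a real host this would be invoked as `populate_chroot /etc/namedb /usr/sbin/named`; the runtime linker and the /dev entries discussed in the thread still have to be provided separately.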



Re: named chroot rcNG devfs

2003-02-15 Thread Doug Barton
On Tue, 11 Feb 2003 [EMAIL PROTECTED] wrote:

> /etc/rc.d/named is quite bogus, especially when it comes to running bind
> chrooted.

Correct. I'm working on an improved method of dealing with this.

> E.g. /dev/null isn't needed by bind8 at all

Incorrect. /dev/null is needed for bind 8. /dev/null and /dev/random are
needed for bind 9. Depending on what you're doing, /dev/random is probably
a good idea for bind 8 as well.

> On the other hand shared libraries are needed (or a port that
> supports linking bind statically...)

cd /usr/ports/net/bind[89]
make clean
make CFLAGS+=-static -DPORT_REPLACES_BASE_BIND8
make install

Doug

-- 

The last time France wanted more evidence, it rolled right
through Paris with a German flag. - David Letterman




Re: named chroot rcNG devfs

2003-02-15 Thread marius
On Sat, Feb 15, 2003 at 05:09:19PM -0800, Doug Barton wrote:
> On Tue, 11 Feb 2003 [EMAIL PROTECTED] wrote:
>
> > /etc/rc.d/named is quite bogus, especially when it comes to running bind
> > chrooted.
>
> Correct. I'm working on an improved method of dealing with this.

great!

>
> > E.g. /dev/null isn't needed by bind8 at all
>
> Incorrect. /dev/null is needed for bind 8. /dev/null and /dev/random are
> needed for bind 9. Depending on what you're doing, /dev/random is probably
> a good idea for bind 8 as well.

hrm, i thought to have checked properly when i set up the chroots. may
this have changed throughout version 8? anyway, they still run happily
without /dev/null.

>
> > On the other hand shared libraries are needed (or a port that
> > supports linking bind statically...)
>
> cd /usr/ports/net/bind[89]
> make clean
> make CFLAGS+=-static -DPORT_REPLACES_BASE_BIND8
> make install
>

i don't like ports installing to locations of base system binaries,
i.e. /usr/sbin etc., and in the case of bind i don't see a reason
why the port should be installed in place of the base bind only to
get copied over to the chroot. wouldn't it be fine if the bind ports
would support '-DPORT_INSTALL_CHROOT' or something only installing
static binaries directly to the chroot? on the other hand
/etc/rc.d/named probably should also support running chrooted with
the base bind which would either require copying the required libs
or a statically linked base bind...
well, i'm looking forward to your improved version.





Re: named chroot rcNG devfs

2003-02-14 Thread Gordon Tetlow
On Tue, Feb 11, 2003 at 06:59:31PM +0100, Alexander Leidinger wrote:
> Hi,
>
> /etc/rc.d/named copies /dev with pax to the named chroot directory. This
> is obviously wrong with devfs, isn't it?

You should read the script a little closer. That code path is only taken
on NetBSD.

-gordon





named chroot rcNG devfs

2003-02-11 Thread Alexander Leidinger
Hi,

/etc/rc.d/named copies /dev with pax to the named chroot directory. This
is obviously wrong with devfs, isn't it?

Bye,
Alexander.

-- 
Where do you think you're going today?

http://www.Leidinger.net   Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7




Re: named chroot rcNG devfs

2003-02-11 Thread marius
On Tue, Feb 11, 2003 at 06:59:31PM +0100, Alexander Leidinger wrote:
> Hi,
>
> /etc/rc.d/named copies /dev with pax to the named chroot directory. This
> is obviously wrong with devfs, isn't it?
>

/etc/rc.d/named is quite bogus, especially when it comes to running bind
chrooted. E.g. /dev/null isn't needed by bind8 at all (also checked with
ktrace), not sure about bind9 though as it uses daemon(3) which tries to
open it. On the other hand shared libraries are needed (or a port that
supports linking bind statically...) and a copy of named itself if
`ndc restart` shall work. Moreover, due to the hardcoded path for copying
named-xfer it also doesn't work with the bind[8,9] ports; tweaking
rc-scripts to run with ports is NetBSD-style but not as FreeBSD used to
be... A designated option to make syslogd(8) pick up an additional
/etc/namedb/var/run/log would also be nice.
Mike Makonnen is aware of the brokenness; at least I mailed him about it
quite some time ago, before rcNG was turned on by default.

FYI, a working bind8-chroot I use on 4-stable boxes looks like this:
quad# ls -R /etc/namedb/
PROTO.localhost-v6.rev
PROTO.localhost.rev
etc
localhost-v6.rev
localhost.rev
make-localhost
master.conf
named.conf
named.conf.orig
named.root
slave
slave.conf
slave_xws.conf
usr
var

/etc/namedb/etc:
localtime

/etc/namedb/slave:
...

/etc/namedb/usr:
lib
libexec
local

/etc/namedb/usr/lib:
libc.so.4
libm.so.2
libutil.so.3

/etc/namedb/usr/libexec:
ld-elf.so.1

/etc/namedb/usr/local:
libexec
sbin

/etc/namedb/usr/local/libexec:
named-xfer

/etc/namedb/usr/local/sbin:
named

/etc/namedb/var:
db
run

/etc/namedb/var/db:
named_dump.db

/etc/namedb/var/run:
log
named.pid
ndc




Re: named chroot rcNG devfs

2003-02-11 Thread Dimitry Andric

On 2003-02-11 at 20:29:17 [EMAIL PROTECTED] wrote:

mafd> E.g. /dev/null isn't needed by bind8 at all (also checked with
mafd> ktrace), not sure about bind9 though as it uses daemon(3) which
mafd> tries to open it.

On my 4.7-STABLE box, bind9 uses /dev/null and /dev/random.  It
probably dups stdin, stdout and stderr to /dev/null at startup, and it
obviously uses /dev/random for random data. :)  I presume this
behaviour will be exactly the same on -CURRENT.

Cheers,
-- 
Dimitry Andric [EMAIL PROTECTED]
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
Lbh whfg ivbyngrq gur QZPN naq jvyy or cebfrphgrq


