DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.
I found some cook-book instructions for running dhcpd in a chroot environment. The article is 4 years old and appears to be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2 which is what I need dhcpd to run on. Dhcpd runs fine when started normally as in /usr/local/sbin/dhcpd. I haven't yet gotten it to launch as the chroot'ed version. When one starts it, here is what happens:

    chroot /usr/local/chroot/dhcpd /usr/local/sbin/dhcpd
    Internet Systems Consortium DHCP Server V3.0.5
    Copyright 2004-2006 Internet Systems Consortium.
    All rights reserved.
    For info, please visit http://www.isc.org/sw/dhcp/
    WARNING: Host declarations are global. They are not limited to the scope you declared them in.
    Wrote 0 deleted host decls to leases file.
    Wrote 0 new dynamic host decls to leases file.
    Wrote 0 leases to leases file.
    No bpf devices. Please read the README section for your operating system.

If I do a ls, everything looks identical:

    cd /usr/local/chroot/dhcpd/dev
    ls -l bpf*
    crw--- 1 root wheel 0, 96 Mar 6 11:44 bpf0
    crw--- 1 root wheel 1, 97 Mar 6 11:44 bpf1

    cd /dev
    ls -l bpf*
    crw--- 1 root wheel 0, 96 Mar 5 21:00 bpf0
    crw--- 1 root wheel 0, 97 Mar 5 21:00 bpf1

The part of the script that makes those devices is as follows:

    BPF=`ls -l /dev/bpf0 | awk '{ print $6; }' | sed -e 's/,//g'`
    export BPF
    BPF1=`ls -l /dev/bpf1 | awk '{ print $6; }' | sed -e 's/,//g'`
    export BPF1
    cd /usr/local/chroot/dhcpd/dev
    mknod bpf0 c 0 $BPF
    mknod bpf1 c 1 $BPF1
    chmod 0600 bpf*

I will post the script when it works since it appears to be about 90% good. It needs a little touch-up to make it work for FreeBSD6. My guess is that there is something else I need in the chroot environment since the bpf appears to work normally when dhcpd is run from root in the traditional way.
My thanks and a lot of credit to the person who originally wrote this script which can be found at

    Linkname: Screaming Electron Forums - How to chroot your existing isc-dhcpd server on freebsd
    URL: http://screamingelectron.org/forum/archive/index.php/t-837.html

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Network Operations Group
Re: DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.
On Tue, Mar 06, 2007 at 07:03:35PM -0600, Martin McCormick wrote:
> I found some cook-book instructions for running dhcpd in a chroot environment. The article is 4 years old and appears to be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2 which is what I need dhcpd to run on.

I run isc-dhcp3-server-3.0.5 from ports, started from /etc/rc.conf with the following options:

    dhcpd_enable=YES                      # dhcpd enabled?
    dhcpd_flags=-q                        # command option(s)
    dhcpd_conf=/usr/local/etc/dhcpd.conf  # configuration file
    dhcpd_ifaces=                         # ethernet interface(s)
    dhcpd_withumask=022                   # file creation mask
    dhcpd_chuser_enable=YES               # runs w/o privileges?
    dhcpd_withuser=dhcpd                  # user name to run as
    dhcpd_withgroup=dhcpd                 # group name to run as
    dhcpd_chroot_enable=YES               # runs chrooted?
    dhcpd_devfs_enable=YES                # use devfs if available?
    dhcpd_rootdir=/var/db/dhcpd           # directory to run in
    dhcpd_includedir=                     # directory with config-

Here's the full pkg-message:

    [EMAIL PROTECTED]/usr/ports/net/isc-dhcp3-server $ make display-message

    To setup dhcpd, you may have to copy /usr/local/etc/dhcpd.conf.sample
    to /usr/local/etc/dhcpd.conf for editing.

    This port installs dhcp daemon, but don't invokes dhcpd by default. If
    you want to invoke dhcpd at startup, put these lines into /etc/rc.conf.

      dhcpd_enable=YES                      # dhcpd enabled?
      dhcpd_flags=-q                        # command option(s)
      dhcpd_conf=/usr/local/etc/dhcpd.conf  # configuration file
      dhcpd_ifaces=                         # ethernet interface(s)
      dhcpd_withumask=022                   # file creation mask

    If compiled with paranoia support (the default), the following lines
    are also supported:

      dhcpd_chuser_enable=YES               # runs w/o privileges?
      dhcpd_withuser=dhcpd                  # user name to run as
      dhcpd_withgroup=dhcpd                 # group name to run as
      dhcpd_chroot_enable=YES               # runs chrooted?
      dhcpd_devfs_enable=YES                # use devfs if available?
      dhcpd_makedev_enable=YES              # use MAKEDEV instead?
      dhcpd_rootdir=/var/db/dhcpd           # directory to run in
      dhcpd_includedir=some_dir             # directory with config-
                                              files to include
      dhcpd_flags=-early_chroot             # needs full root

    WARNING: -early_chroot requires a jail(8) like environment to work.

    WARNING: dhcpd_devfs_enable and dhcpd_makedev_enable are mutually exclusive
             dhcpd_makedev_enable make NO sense on FreeBSD 5.x and up!

    If compiled with jail support (the default), the following lines are
    also supported (-early_chroot and dhcpd_chroot_enable=YES are implied):

      dhcpd_jail_enable=YES                 # runs imprisoned?
      dhcpd_hostname=hostname               # jail hostname
      dhcpd_ipaddress=ip address            # jail ip address

    WARNING: dhcpd_rootdir needs to point to a full jail(8) environment.

    WARNING: never edit the chrooted or jailed dhcpd.conf file but
             /usr/local/etc/dhcpd.conf instead which is always copied where
             needed upon startup.

    WARNING: /usr/local/etc/rc.isc-dhcpd.conf is obsolete. rc.conf like
             variables are still read there but should be moved /etc/rc.conf
             or /etc/rc.conf.d/dhcpd instead. Also, the dhcpd_options
             variable must be renamed dhcpd_flags if any.

--
Kelly D. Grills [EMAIL PROTECTED]
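
Added example (not part of either post and not the cook-book script): a small sh check that compares character-device major/minor numbers between a host `ls -l` listing and a chroot `ls -l` listing, so hand-made nodes can be audited without reading the columns by eye. The two sample listings are constructed from the `ls -l bpf*` output in the first message with the column spacing restored; the function names `dev_numbers` and `diff_dev_listings` are hypothetical, and the "major, minor" column layout is assumed to be the one shown in that listing.

```shell
#!/bin/sh
# Constructed sample input, modelled on the listings in the first message.
HOST_LS='crw-------  1 root  wheel    0,  96 Mar  5 21:00 bpf0
crw-------  1 root  wheel    0,  97 Mar  5 21:00 bpf1'
CHROOT_LS='crw-------  1 root  wheel    0,  96 Mar  6 11:44 bpf0
crw-------  1 root  wheel    1,  97 Mar  6 11:44 bpf1'

# Read an `ls -l` listing on stdin and print "name major minor" for every
# character device. Device lines show "major, minor" where files show a size.
dev_numbers() {
    awk '$1 ~ /^c/ {
        major = $5; sub(/,$/, "", major)
        print $NF, major, $6
    }' | sort
}

# Print the device names whose numbers differ between listing $1 (host) and
# listing $2 (chroot), or that exist on one side only.
# Returns 0 when the listings agree, 1 otherwise.
diff_dev_listings() {
    host=$(printf '%s\n' "$1" | dev_numbers)
    jail=$(printf '%s\n' "$2" | dev_numbers)
    mismatch=$(
        { printf '%s\n' "$host" | sed 's/^/H /'
          printf '%s\n' "$jail" | sed 's/^/C /'; } |
        awk 'NF == 4 && $1 == "H" { h[$2] = $3 ":" $4 }
             NF == 4 && $1 == "C" { c[$2] = $3 ":" $4 }
             END {
                 for (n in h) if (h[n] != c[n]) print n
                 for (n in c) if (!(n in h)) print n
             }' | sort
    )
    [ -z "$mismatch" ] && return 0
    printf '%s\n' "$mismatch"
    return 1
}

# On the sample listings this reports bpf1 (major 1 in the chroot, 0 on the host).
diff_dev_listings "$HOST_LS" "$CHROOT_LS" || echo "device numbers differ"
```

Matching numbers are necessary but not sufficient: mknod(8) on FreeBSD 5.0 and later notes that nodes created in a regular file system cannot be used to access devices, which is the case the port's dhcpd_devfs_enable option covers.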