DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.

2007-03-06 Thread Martin McCormick
I found some cook-book instructions for running dhcpd in
a chroot environment.  The article is 4 years old and appears to
be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2
which is what I need dhcpd to run on.

Dhcpd runs fine when started normally as in
/usr/local/sbin/dhcpd.  I haven't yet gotten it to launch as the
chroot'ed version.  When one starts it, here is what happens:

   chroot /usr/local/chroot/dhcpd /usr/local/sbin/dhcpd

Internet Systems Consortium DHCP Server V3.0.5
Copyright 2004-2006 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
WARNING: Host declarations are global.  They are not limited to the scope you 
declared them in.
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
No bpf devices.   Please read the README section for your operating system.

If I do a ls, everything looks identical:

cd /usr/local/chroot/dhcpd/dev
ls -l bpf*
crw-------  1 root  wheel    0,  96 Mar  6 11:44 bpf0
crw-------  1 root  wheel    1,  97 Mar  6 11:44 bpf1

cd /dev
ls -l bpf*
crw-------  1 root  wheel    0,  96 Mar  5 21:00 bpf0
crw-------  1 root  wheel    0,  97 Mar  5 21:00 bpf1

The part of the script that makes those devices is as follows:

BPF=`ls -l /dev/bpf0 | awk '{ print $6; }' | sed -e 's/,//g'`
export BPF
BPF1=`ls -l /dev/bpf1 | awk '{ print $6; }' | sed -e 's/,//g'`
export BPF1
cd /usr/local/chroot/dhcpd/dev
mknod bpf0 c 0 $BPF
mknod bpf1 c 1 $BPF1
chmod 0600 bpf*

I will post the script when it works since it appears to
be about 90% good.  It needs a little touch-up to make it work
for FreeBSD6.

My guess is that there is something else I need in the
chroot environment since the bpf appears to work normally when
dhcpd is run from root in the traditional way.

My thanks and a lot of credit to the person who
originally wrote this script which can be found at

   Linkname: Screaming Electron Forums - How to chroot your existing
  isc-dhcpd server on freebsd

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Network Operations Group
URL:
  http://screamingelectron.org/forum/archive/index.php/t-837.html
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
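
A check for the comparison of the two device listings in the message above, as an added example that is not part of the original post or of the script it cites: it reduces each `ls -l` listing to type and major,minor per node and reports every node that differs or is missing. The sample listings are constructed from the ones in the post, and `dev_ids` and `compare_devs` are hypothetical names.

```shell
#!/bin/sh
# Constructed sample input: the two listings from the post.
HOST_LS='crw-------  1 root  wheel    0,  96 Mar  5 21:00 bpf0
crw-------  1 root  wheel    0,  97 Mar  5 21:00 bpf1'
CHROOT_LS='crw-------  1 root  wheel    0,  96 Mar  6 11:44 bpf0
crw-------  1 root  wheel    1,  97 Mar  6 11:44 bpf1'

# dev_ids: reduce `ls -l` lines for device nodes (read from stdin)
# to "name type major,minor", sorted by name.
dev_ids() {
    awk '$1 ~ /^[cb]/ {
        major = $5; sub(/,$/, "", major)
        print $NF, substr($1, 1, 1), major "," $6
    }' | sort
}

# compare_devs HOST_LISTING CHROOT_LISTING
# Prints one line per node that is missing from the chroot listing or
# whose type or major,minor differs. Returns 1 if anything was printed.
compare_devs() {
    host=$(printf '%s\n' "$1" | dev_ids)
    jail=$(printf '%s\n' "$2" | dev_ids)
    printf '%s\n' "$host" | (
        rc=0
        while read -r name type id; do
            [ -n "$name" ] || continue
            got=$(printf '%s\n' "$jail" |
                awk -v n="$name" '$1 == n { print $2, $3 }')
            if [ -z "$got" ]; then
                echo "$name: missing in chroot"; rc=1
            elif [ "$got" != "$type $id" ]; then
                echo "$name: host $type $id chroot $got"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Run against the constructed listings; a mismatch is not a script error.
compare_devs "$HOST_LS" "$CHROOT_LS" || true
```

On the listings from the post it reports bpf1, whose major number is 1 in the chroot and 0 in /dev.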


Re: DHCP Server V3.0.5 No BPF under chroot. Works normally otherwise.

2007-03-06 Thread Kelly D. Grills
On Tue, Mar 06, 2007 at 07:03:35PM -0600, Martin McCormick wrote:
 
> I found some cook-book instructions for running dhcpd in
> a chroot environment.  The article is 4 years old and appears to
> be set up for FreeBSD5x, but it isn't far off for FreeBSD6.2
> which is what I need dhcpd to run on.
 

I run isc-dhcp3-server-3.0.5 from ports, started from /etc/rc.conf with the
following options:

dhcpd_enable="YES"                      # dhcpd enabled?
dhcpd_flags="-q"                        # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"  # configuration file
dhcpd_ifaces=""                         # ethernet interface(s)
dhcpd_withumask="022"                   # file creation mask

dhcpd_chuser_enable="YES"               # runs w/o privileges?
dhcpd_withuser="dhcpd"                  # user name to run as
dhcpd_withgroup="dhcpd"                 # group name to run as
dhcpd_chroot_enable="YES"               # runs chrooted?
dhcpd_devfs_enable="YES"                # use devfs if available?
dhcpd_rootdir="/var/db/dhcpd"           # directory to run in
dhcpd_includedir=""                     # directory with config-

Here's the full pkg-message:

[EMAIL PROTECTED]/usr/ports/net/isc-dhcp3-server $ make display-message

  To setup dhcpd, you may have to copy /usr/local/etc/dhcpd.conf.sample
  to /usr/local/etc/dhcpd.conf for editing.

  This port installs dhcp daemon, but don't invokes dhcpd by default. If
  you want to invoke dhcpd at startup, put these lines into /etc/rc.conf.

dhcpd_enable="YES"                      # dhcpd enabled?
dhcpd_flags="-q"                        # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"  # configuration file
dhcpd_ifaces=""                         # ethernet interface(s)
dhcpd_withumask="022"                   # file creation mask

  If compiled with paranoia support (the default), the following lines
  are also supported:

dhcpd_chuser_enable="YES"               # runs w/o privileges?
dhcpd_withuser="dhcpd"                  # user name to run as
dhcpd_withgroup="dhcpd"                 # group name to run as
dhcpd_chroot_enable="YES"               # runs chrooted?
dhcpd_devfs_enable="YES"                # use devfs if available?
dhcpd_makedev_enable="YES"              # use MAKEDEV instead?
dhcpd_rootdir="/var/db/dhcpd"           # directory to run in
dhcpd_includedir="some_dir"             # directory with config-files to include
dhcpd_flags="-early_chroot"             # needs full root

  WARNING: -early_chroot requires a jail(8) like environment to work.

  WARNING: dhcpd_devfs_enable and dhcpd_makedev_enable are mutually
   exclusive
   dhcpd_makedev_enable make NO sense on FreeBSD 5.x and up!

  If compiled with jail support (the default), the following lines are
  also supported (-early_chroot and dhcpd_chroot_enable=YES are implied):

dhcpd_jail_enable="YES"                 # runs imprisoned?
dhcpd_hostname="hostname"               # jail hostname
dhcpd_ipaddress="ip address"            # jail ip address

  WARNING: dhcpd_rootdir needs to point to a full jail(8) environment.

  WARNING: never edit the chrooted or jailed dhcpd.conf file but
  /usr/local/etc/dhcpd.conf instead which is always copied where
  needed upon startup.

  WARNING: /usr/local/etc/rc.isc-dhcpd.conf is obsolete.  rc.conf like
  variables are still read there but should be moved /etc/rc.conf or
  /etc/rc.conf.d/dhcpd instead.  Also, the dhcpd_options variable must
  be renamed dhcpd_flags if any.


-- 
Kelly D. Grills
[EMAIL PROTECTED]


