Re: sandboxing named...
On Tue, Jan 28, 2003 at 01:45:27AM -0500, Chuck Swiger wrote:
> I believe the normal way to chroot named in FreeBSD is something like:
>
> named_enable="YES"
> named_flags="-u bind -g bind -t /etc/namedb -c named.conf"
>
> ...in /etc/rc.conf. When doing so, the following seems to make life much
> better for ndc and the config file:
>
> mkdir /etc/namedb/etc
> mkdir /etc/namedb/var
> mkdir /etc/namedb/var/run
> ln -s / /etc/namedb/etc/namedb
> ln -s /etc/namedb/var/run/ndc /var/run/ndc

Please read the section on this in the handbook.

Ceri

--
The brothers of the fire have brought your fate!

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message

Re: sandboxing named...
Ceri Davies wrote:
[ ... ]
> Please read the section on this in the handbook.

This one:

17.9.8 Running named in a Sandbox
Contributed by Ceri Davies.

...? :-) Thank you.

-Chuck

Hmm. Quick testing suggests that having a /usr/obj tree lying around does
trigger the problem of statically linking as you mentioned.

sandboxing named...
I believe the normal way to chroot named in FreeBSD is something like:

named_enable="YES"
named_flags="-u bind -g bind -t /etc/namedb -c named.conf"

...in /etc/rc.conf. When doing so, the following seems to make life much
better for ndc and the config file:

mkdir /etc/namedb/etc
mkdir /etc/namedb/var
mkdir /etc/namedb/var/run
ln -s / /etc/namedb/etc/namedb
ln -s /etc/namedb/var/run/ndc /var/run/ndc

-Chuck

PS: I'm not exactly sure whether this is a suggestion, a question to verify
that I'm not doing something silly, or some combination. :-)
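
A layout check for the sandbox described in the post above, as an added example that is not part of the original thread or of FreeBSD: it verifies the three directories and two symlinks the post creates. The function name `check_named_chroot` is hypothetical, `readlink` is assumed to be available, and the world-writable test is an extra check the post does not mention.

```shell
#!/bin/sh
# Added example: audit the chroot layout from the post above.
# check_named_chroot CHROOT RUNLINK
#   CHROOT  - directory given to named -t (the post uses /etc/namedb)
#   RUNLINK - host-side ndc path          (the post uses /var/run/ndc)
# Prints one line per problem; the return status is the problem count.
check_named_chroot() {
    root=$1 runlink=$2 problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Directories the post creates inside the chroot
    for d in etc var var/run; do
        [ -d "$root/$d" ] || fail "missing directory $root/$d"
    done

    # Inside the chroot, /etc/namedb has to lead back to the chroot root so
    # the same config paths resolve inside and outside the sandbox.
    link="$root/etc/namedb"
    if [ -L "$link" ]; then
        target=$(readlink "$link")
        [ "$target" = "/" ] || fail "$link -> $target (expected /)"
    else
        fail "$link is not a symlink"
    fi

    # Host-side ndc reaches the control socket through this symlink; the
    # socket itself only exists while named is running, so do not test it.
    if [ -L "$runlink" ]; then
        target=$(readlink "$runlink")
        [ "$target" = "$root/var/run/ndc" ] ||
            fail "$runlink -> $target (expected $root/var/run/ndc)"
    else
        fail "$runlink is not a symlink"
    fi

    # Extra check (assumption, not from the post): nothing in the sandbox
    # should be world-writable. Symlinks are skipped; their mode is not used.
    ww=$(find "$root" ! -type l -perm -002 2>/dev/null | head -n 1)
    [ -z "$ww" ] || fail "world-writable entry: $ww"

    return "$problems"
}

# Run as: sh check.sh /etc/namedb /var/run/ndc
if [ "$#" -eq 2 ]; then check_named_chroot "$1" "$2"; fi
```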