Moin!
On 05.12.2008, at 17:46, Carl Williams wrote:
During my installation of UNBOUND on Solaris 10 I must make sure unbound
can access entropy from inside the chroot.
On Linux this is very simple by using:
mount --bind -n /dev/random /etc/unbound/dev/random
mount --bind -n /dev/log /etc/unbound/dev/log
How may I do this on Solaris 10 as I don’t see that Solaris 10 has
the --bind option to mount.
Hmm, as /dev/random is just a character device, mknod should do. Check
the major and minor numbers before doing this:
$ ls -l /devices/pseudo/[EMAIL PROTECTED]:random
crw-r--r-- 1 root sys 149, 0 Jun 5 2008 /devices/pseudo/[EMAIL PROTECTED]:random
$ ls -l /devices/pseudo/[EMAIL PROTECTED]:log
crw-r----- 1 root sys 21, 5 Jun 5 2008 /devices/pseudo/[EMAIL PROTECTED]:log
# mknod /etc/unbound/dev/random c 140 0
# mknod /etc/unbound/dev/log c 21 5
I haven't done this though, because I found it much more
convenient to use the other Solaris security features to secure DNS
servers. E.g. running unbound in a Solaris zone which mounts all
binaries and libraries read-only, or allowing the user that runs the DNS
server to bind to port 53, which allows it to run without ever
becoming root.
http://mediacast.sun.com/users/Darren.Moffat/media/solaris10-security.pdf
still gives a nice intro to this.
So long
-Ralf
----
Ralf Weber
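Added example, not part of the original message: a small POSIX shell helper that builds the mknod command for the chroot from `ls -lL` output, so the major and minor numbers are copied rather than retyped, and that checks an existing chroot node against the real device. The function names and the sample listing lines are constructed for illustration; on a live system the lines would come from `ls -lL /dev/random` and `ls -lL /dev/log`.

```sh
#!/bin/sh
# Added example: derive mknod arguments from an `ls -lL` line instead of typing them.

# dev_numbers LS_LINE -> prints "TYPE MAJOR MINOR"; fails if the line is not a device.
dev_numbers() {
    printf '%s\n' "$1" | awk '{
        kind = substr($1, 1, 1)
        if (kind != "c" && kind != "b") exit 1
        major = $5; minor = $6
        # Some ls versions print "149,0" as a single field.
        if (major ~ /^[0-9]+,[0-9]+$/) { split(major, p, ","); major = p[1] ","; minor = p[2] }
        if (major !~ /^[0-9]+,$/ || minor !~ /^[0-9]+$/) exit 1
        sub(/,$/, "", major)
        print kind, major, minor
    }'
}

# mknod_cmd CHROOT NAME LS_LINE -> prints the command that creates CHROOT/dev/NAME.
mknod_cmd() {
    nums=$(dev_numbers "$3") || return 1
    printf 'mknod %s/dev/%s %s\n' "$1" "$2" "$nums"
}

# same_device LS_LINE_A LS_LINE_B -> succeeds only if type, major and minor agree.
same_device() {
    a=$(dev_numbers "$1") || return 1
    b=$(dev_numbers "$2") || return 1
    [ "$a" = "$b" ]
}

# Constructed sample lines, modelled on the listing in the message above.
REAL_RANDOM='crw-r--r-- 1 root sys 149, 0 Jun 5 2008 /dev/random'
REAL_LOG='crw-r----- 1 root sys 21, 5 Jun 5 2008 /dev/log'
# Constructed: a chroot node whose major number differs from the real device.
BAD_NODE='crw-r--r-- 1 root root 140, 0 Dec 5 2008 /etc/unbound/dev/random'

# Print the commands only; nothing is created by this script.
mknod_cmd /etc/unbound random "$REAL_RANDOM"
mknod_cmd /etc/unbound log "$REAL_LOG"
if ! same_device "$REAL_RANDOM" "$BAD_NODE"; then
    echo "chroot node does not match /dev/random; recreate it" >&2
fi
```

Device numbers can differ between hosts and after driver changes, so the comparison is worth re-running whenever the chroot is rebuilt or the system is patched.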