Subject: Re: should bind9 have a chroot option?
To: None <netbsd-users@netbsd.org>
From: Charles Blundell <cb@kittenz.org>
List: netbsd-users
Date: 04/07/2003 23:24:08
--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

on Mon, Apr 07, 2003 at 06:03:19PM -0400, Steve Bellovin wrote:
> named has a chroot option.  However, the bind9 package does
> not.  I would think that it should.

If you mean the rc.d script, I had this lying around, based on
/etc/rc.d/named.


--WIyZ46R2i8wDzkSu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="named9.diff"

--- named.sh	Tue Sep 24 11:22:11 2002
+++ named9	Mon Apr  7 23:18:19 2003
@@ -2,17 +2,21 @@
 #
 # $NetBSD: named.sh,v 1.2 2002/09/23 14:40:52 grant Exp $
 #
+
 # PROVIDE: named
 # REQUIRE: SERVERS
+# BEFORE:  DAEMON
+# KEYWORD: chrootdir
 
 . /etc/rc.subr
 
 name="named"
 rcvar=${name}9
-command="@PREFIX@/sbin/${name}"
+command="/usr/pkg/sbin/${name}"
 pidfile="/var/run/${name}.pid"
-
+start_precmd="named_precmd"
 extra_commands="reload"
+required_dirs="$named9_chrootdir"	# if it is set, it must exist
 
 load_rc_config ${name}9		# check /etc/rc.conf.d/named9
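Review bot: `required_dirs="$named9_chrootdir"` is evaluated before `load_rc_config ${name}9` on the next line, yet the comment on that line says named9's settings are read from /etc/rc.conf.d/named9; when the variable is set only there (or only in /etc/rc.conf and the script is run by hand), `required_dirs` is computed from an empty string and the "if it is set, it must exist" check the comment promises silently becomes a no-op, while named_precmd later chroots into whatever value load_rc_config did bring in. Move the assignment below the load: `load_rc_config ${name}9` then `required_dirs="$named9_chrootdir"`. Separately, replacing `@PREFIX@` with a literal `/usr/pkg/sbin` on the `command=` line drops the pkgsrc substitution marker, which is fine for a private copy of the script but would need restoring before it could serve as a package template.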
 
@@ -24,7 +28,24 @@
 	"disable 'named' when setting 'named9'!"
 		return 1
 	fi
+
+	if [ -z "$named9_chrootdir" ]; then
+		return 0
+	fi
+
+	for dev in null random; do
+		if [ ! -c "${named9_chrootdir}/dev/$dev" ]; then
+			rm -f "${named9_chrootdir}/dev/$dev"
+			(cd /dev; pax -rw -pe $dev "${named9_chrootdir}/dev")
+		fi
+	done
+	if [ -f /etc/localtime ]; then
+		cmp -s /etc/localtime "${named9_chrootdir}/etc/localtime" || \
+		    cp -p /etc/localtime "${named9_chrootdir}/etc/localtime"
+	fi
+	ln -fs "${named9_chrootdir}/var/run/named.pid" /var/run/named.pid
+
+	rc_flags="-u named -t ${named9_chrootdir} $rc_flags"
 }
-start_precmd="named_precmd"
 
 run_rc_command "$1"
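Review bot: The device-node copy `(cd /dev; pax -rw -pe $dev "${named9_chrootdir}/dev")` runs pax regardless of whether `cd /dev` succeeded, so on failure it would archive a file named null or random from the current directory into the chroot's /dev; use `(cd /dev && pax -rw -pe "$dev" "${named9_chrootdir}/dev")` so the copy is skipped instead. The `ln -fs` line makes the outside /var/run/named.pid resolve to a file that the daemon, running as the unprivileged `named` user after `-u named`, writes inside the chroot, so the pid that `stop` later signals is taken from a file that user controls; this is presumably bounded by rc.subr's process-name check on the pid, but it is worth a comment on that line stating that the link is trusted only as far as that check goes. `rc_flags="-u named -t ${named9_chrootdir} $rc_flags"` also assumes a `named` account exists, which nothing in the hunk verifies. named_precmd's opening lines are outside the hunk.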

--WIyZ46R2i8wDzkSu--