author | dougb <dougb@FreeBSD.org> | 2004-09-28 09:46:00 +0000 |
committer | dougb <dougb@FreeBSD.org> | 2004-09-28 09:46:00 +0000 |
commit | a0c7847c5ba90a7ccc3ba1ea38781396bffaffe6 (patch) | |
tree | adec461a57e953379f28f1be08a23b3081ed6d6a /etc/rc.d | |
parent | d3ceec948f3a65b58d702b97a626bcd5a6120632 (diff) | |
Create a named chroot directory structure in /var/named, and use it
by default when named is enabled. Also, improve our default directory
layout by creating /var/named/etc/namedb/{master|slave} directories,
and use the former for the generated localhost* files.
Rather than using pax to copy device entries, mount devfs in the
chroot directory.
There may be some corner cases where things need to be adjusted,
but overall this structure has been well tested on a production
network, and should serve the needs of the vast majority of users.
UPDATING has instructions on how to do the conversion for those
with existing configurations.
Diffstat (limited to 'etc/rc.d')
-rwxr-xr-x | etc/rc.d/named | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/etc/rc.d/named b/etc/rc.d/named
index c915afd..514e6c6 100755
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@@ -29,19 +29,37 @@ extra_commands="reload"
 #
 chroot_autoupdate()
 {
-	# Copy devices if necessary. Preserve everything (perms,
-	# ownership, mod times).
+	# Create (or update) the chroot directory structure
 	#
-	if [ ! -c "${named_chrootdir}/dev/null" ]; then
-		rm -f "${named_chrootdir}/dev/null"
-		( cd /dev ; /bin/pax -rw -pe null "${named_chrootdir}/dev" )
+	if [ -f /etc/mtree/BIND.chroot.dist ]; then
+		mtree -deU -f /etc/mtree/BIND.chroot.dist \
+		    -p ${named_chrootdir}
+	else
+		warn "/etc/mtree/BIND.chroot.dist missing,"
+		warn "chroot directory structure not updated"
+	fi
+
+	# Create /etc/namedb symlink
+	#
+	if [ ! -L /etc/namedb ]; then
+		if [ -d /etc/namedb ]; then
+			warn "named chroot: /etc/namedb is a directory!"
+		elif [ -e /etc/namedb ]; then
+			warn "named chroot: /etc/namedb exists!"
+		else
+			ln -s ${named_chrootdir}/etc/namedb /etc/namedb
+		fi
 	fi
-	if [ ! -c "${named_chrootdir}/dev/random" ]; then
-		rm -f "${named_chrootdir}/dev/random"
-		( cd /dev ; /bin/pax -rw -pe random "${named_chrootdir}/dev" )
+
+	# Mount a devfs in the chroot directory if needed
+	#
+	if [ ! -c ${named_chrootdir}/dev/random -o \
+	    ! -c ${named_chrootdir}/dev/null ]; then
+		umount ${named_chrootdir}/dev 2>/dev/null
+		mount_devfs devfs ${named_chrootdir}/dev
 	fi
-	# Copy local timezone information if it's not up-to-date.
+	# Copy local timezone information if it is not up to date.
 	#
 	if [ -f /etc/localtime ]; then
 		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
@@ -62,15 +80,17 @@ named_precmd()
 	local confgen_chroot
 
 	# Is the user using a sandbox?
+	#
 	if [ -n "$named_chrootdir" ]; then
 		rc_flags="$rc_flags -t $named_chrootdir"
-		confgen_chroot="-t${named_chrootdir}"
+		confgen_chroot="-t${named_chrootdir} -u bind"
 		checkyesno named_chroot_autoupdate && chroot_autoupdate
 	else
 		named_symlink_enable=NO
 	fi
 
 	# Create an rndc.key file for the user if none exists
+	#
 	if [ ! -f "${named_chrootdir}/etc/namedb/rndc.key" -a \
 	    ! -f "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
 		rndc-confgen -a -b256 ${confgen_chroot} |
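Review bot: The owner of the generated rndc.key is hard-coded as `bind` in `confgen_chroot="-t${named_chrootdir} -u bind"`, and only on the chroot branch; the non-chroot branch passes no `-u`, so the key presumably stays owned by whoever runs the rc script, and on the chroot branch it is owned by `bind` regardless of which account named is actually started as. If the run-as user is configurable elsewhere in this script or in rc.conf (not visible here), deriving the `-u` argument from that setting in both branches would keep the key readable by the daemon; at minimum a comment such as `# -u must match the user named runs as, or named cannot read rndc.key` would record the coupling. As a point of style, the new `[ ! -c ${named_chrootdir}/dev/random -o ... ]` test in chroot_autoupdate above drops the double quotes the replaced lines had around `${named_chrootdir}`, which is inconsistent with the quoted uses that remain in the same function. named_precmd begins before this hunk and the `rndc-confgen ... |` pipeline continues past its last line.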