Please install bind9 in a chroot
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
bind9 (Ubuntu) | Triaged | Wishlist | Unassigned | |
Bug Description
Binary package hint: bind9
Bind doesn't have the best track record for security and doesn't really access anything outside of itself. Is there any chance for getting it to install into a chroot environment?
Steps to make this possible:
vi /etc/default/bind9 and change OPTIONS to
OPTIONS="-u bind -t /var/spool/bind9"
mkdir -p /var/spool/
mkdir /var/spool/
mkdir -p /var/spool/
mkdir -p /var/spool/
mv /etc/bind /var/spool/
ln -s /var/spool/
mknod /var/spool/
mknod /var/spool/
chmod 666 /var/spool/
chown -R bind:bind /var/spool/
chown -R bind:bind /var/spool/
You also need to make a small change to syslog (this is the tricky bit for automating....)
vi /etc/init.
SYSLOGD="-u syslog -a /var/lib/
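A way to confirm that the OPTIONS change in the steps above is in place, as an added example that is not part of the original bug report. The function name `check_named_options` and the sample file are assumptions; `-t` and `-u` are named's chroot-directory and run-as-user flags.

```shell
#!/bin/sh
# Added example: audit the OPTIONS line of a bind9 defaults file.
# Prints "chroot=<dir> user=<name>" and returns:
#   0  named is started chrooted (-t) and as a non-root user (-u)
#   1  the file has no OPTIONS= assignment
#   2  -t is missing or is not an absolute directory below /
#   3  -u is missing or names root
check_named_options() {
    file=$1
    if ! grep -q '^[[:space:]]*OPTIONS=' "$file"; then
        echo "no OPTIONS line"
        return 1
    fi
    # Last assignment wins, as it would when the init script sources the file.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$file" | tail -n 1 |
           sed "s/^[\"']//; s/[\"'][[:space:]]*\$//")
    chroot_dir='' run_user=''
    set -f                      # no globbing while word-splitting
    set -- $opts
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -t)   chroot_dir=${2:-}; if [ $# -ge 2 ]; then shift; fi ;;
            -u)   run_user=${2:-};   if [ $# -ge 2 ]; then shift; fi ;;
            -t?*) chroot_dir=${1#-t} ;;
            -u?*) run_user=${1#-u} ;;
        esac
        shift
    done
    echo "chroot=${chroot_dir:-none} user=${run_user:-none}"
    case $chroot_dir in
        /?*) ;;
        *)   return 2 ;;
    esac
    case $run_user in
        ''|root|0) return 3 ;;
    esac
    return 0
}

# Constructed sample input: the defaults file after the change described above.
sample=$(mktemp)
printf '%s\n' 'OPTIONS="-u bind -t /var/spool/bind9"' > "$sample"
check_named_options "$sample"
rm -f "$sample"
```

On a real system, point the function at `/etc/default/bind9`; a non-zero return means named would start without the chroot or without dropping root.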
Changed in bind9:
importance: Undecided → Wishlist
status: New → Triaged
summary:
- Installing bind9 in a chroot
+ Please install bind9 in a chroot
Unfortunately, if bind9 were to modify /etc/init.d/sysklogd, that would violate policy. We need to have sysklogd export an interface for making the change.