Gentoo Forums
named cannot open /dev/random
active
Apprentice


Joined: 23 Jun 2003
Posts: 228
Location: Something not a structure or union

Posted: Fri Sep 02, 2005 4:43 pm    Post subject: named cannot open /dev/random

Hi all, I've a problem on a Sparc Ultra30 with a chrooted bind-9.2.5-r4 installation.
When the server starts, it gives me the error:
named[1343]: could not open entropy source /dev/random: permission denied

I tried to give the user 'named' all privileges on the dev/ directory, but nothing has changed.
I thought also it was a grsec problem, but with a clean kernel the problem persists.
The strange thing is that on an x86 machine with the same configuration as the Sparc, bind runs
without problems.
Although I have this error, the server seems to work fine (I read that the entropy is used only
in TSIG and dynamic updates).
Anyone got a solution for this situation?

My named.conf options are:
Code:
options {
        directory "/var/bind";
        pid-file "/var/run/named.pid";
        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        listen-on { 192.168.10.10; };

        query-source address * port 53;

        notify yes;

        forward first;
        forwarders {
                62.149.128.2;   // dns.technorail.com.
                195.31.190.31;  // dnsca.tin.it.
        };

        blackhole { bogon; };
};

_________________
GIT d- s:+>: a-- C+++ UBS+++ P++ L+++
E--- W+ N+ w M- PS+(++) PE PGP+ !t
X++ tv+ b++ D+ G e h! r++ x*
wan-geek
n00b


Joined: 03 Apr 2003
Posts: 66
Location: knee-deep in the ether

Posted: Fri Jan 06, 2006 7:42 am

I hope you have found a solution to this by now (being several months later), but I am going to reply for the forum's completeness.

I would first do a search of the forums and check threads such as:
http://forums.gentoo.org/viewtopic-t-332807-highlight-entropy+dev+random.html

As this forum implies, at the end of the emerge of bind there is a set of instructions for running an ebuild that will correct/complete the chroot environment. (I'm assuming you are trying to run a proper chroot'd bind; otherwise you could reach /dev/random outside the jail.) [I will admit that I sometimes find myself re-emerging packages just to get the comments/instructions at the end of a build; they can be easy to overlook if you are building a number of packages at once.]

Quote:
(output omitted)
* The BIND ebuild now includes chroot support.
* If you like to run bind in chroot AND this is a new install OR
* your bind doesn't already run in chroot, simply run:
* `emerge --config '=net-dns/bind-9.3.2'`
* Before running the above command you might want to change the chroot
* dir in /etc/conf.d/named. Otherwise /chroot/dns will be used.


At any rate, setting up the chroot jail for bind to run is rather simple. (In the case of this reply, bind 9.3.2 is the most recent version installed via emerge.) Run the following command:
Code:
emerge --config '=net-dns/bind-9.3.2'

and it will create the proper chroot environment for you.

Once that is complete, don't forget to edit /etc/conf.d/named to specify the location of the chroot
Code:
CHROOT="/var/named"

to set the chroot to the ebuild environment.

Once all this is complete, I chown'd everything to named:named, and you're good to go.

Hope this helps.

Cheers mate,
-Chris
linuxbum
Tux's lil' helper


Joined: 20 Dec 2003
Posts: 131
Location: USA

Posted: Fri Jan 06, 2006 10:09 pm

Could this be that you are using udev, not devfs, and /dev/random is not created?

I don't use the named daemon on my x86 system using udev.

Bryan
wan-geek
n00b


Joined: 03 Apr 2003
Posts: 66
Location: knee-deep in the ether

Posted: Tue Feb 14, 2006 9:18 am

Not a udev problem.

This is caused by the _chroot_ function. It is a very good idea to chroot these processes whenever possible. This limits the ability for a compromise to take over the entire machine as easily.

Since the process is CHange ROOTing to a different location within the filesystem, anything in /dev won't even exist unless it is set up first.

If you recall, even for a gentoo install, you chroot to /mnt/gentoo (or wherever) and start building from there. Same concept.

Once the ebuild script is run, the proper chroot environment is pre-built FOR you. All one needs to do is copy in the zone data files and you're rockin'.

Good Luck,
-Chris
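Both of wan-geek's replies come down to the same point: a chroot'd named only sees the device nodes that exist under its new root, so a jail built without them produces exactly the "could not open entropy source" error from the first post. The script below is an added example, not part of this thread and not the Gentoo ebuild's own code. It checks whether a chroot directory (assumed to be the CHROOT value from /etc/conf.d/named, e.g. /var/named) contains the character devices named needs, and, when run as root, creates the missing ones with mknod. The major/minor numbers are the standard Linux ones (null 1:3, random 1:8, urandom 1:9); random and urandom are created read-only since named only reads from them.

```shell
#!/bin/sh
# Added example: verify and repair the device nodes inside a BIND chroot.
# Assumed layout: $CHROOT/dev/{null,random,urandom}, as the Gentoo chroot uses.

# check_chroot_dev DIR
# Prints one line per node ("ok:" or "missing:") and returns 0 only when
# all three exist as character devices under DIR/dev.
check_chroot_dev() {
    chroot_dir="$1"
    missing=0
    for node in null random urandom; do
        if [ -c "$chroot_dir/dev/$node" ]; then
            echo "ok: $chroot_dir/dev/$node"
        else
            echo "missing: $chroot_dir/dev/$node"
            missing=1
        fi
    done
    return $missing
}

# create_chroot_dev DIR
# Creates any missing nodes. Needs root, because mknod of a character
# device is privileged. Modes: /dev/null must be writable by named
# (666); the entropy sources only need to be readable (444).
create_chroot_dev() {
    chroot_dir="$1"
    mkdir -p "$chroot_dir/dev"
    [ -c "$chroot_dir/dev/null" ]    || mknod -m 666 "$chroot_dir/dev/null"    c 1 3
    [ -c "$chroot_dir/dev/random" ]  || mknod -m 444 "$chroot_dir/dev/random"  c 1 8
    [ -c "$chroot_dir/dev/urandom" ] || mknod -m 444 "$chroot_dir/dev/urandom" c 1 9
}

# Usage (as root): sh check_bind_chroot.sh /var/named
# Reports the state of the jail; if nodes are missing and we are root,
# creates them and re-checks.
if [ $# -gt 0 ]; then
    if ! check_chroot_dev "$1"; then
        if [ "$(id -u)" -eq 0 ]; then
            create_chroot_dev "$1" && check_chroot_dev "$1"
        else
            echo "re-run as root to create the missing nodes" >&2
            exit 1
        fi
    fi
fi
```

After the nodes exist, the remaining cause of "permission denied" is ownership or mode on the chroot's dev/ tree itself, which is what the chown to named:named in the earlier reply addresses; the check function makes that visible because a node that exists but is unreadable still shows as "ok", so follow it with a read test as the named user if the error persists.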