BIND in chroot on gentoo with systemd
Message
BIND in chroot on gentoo with systemd
Has anyone gotten bind/named working with gentoo running systemd in chroot jail, couldn't find any scripts or documentation regarding that, the bind wiki only covers openrc
Ok I tried it.Its a little buggy.
This is what I did
First in /etc/conf.d/named i set chroot dir to /var/chroot/bind.
Then
To unset comment out chroot dir in /etc/conf.d/named and rerun
Then
This is what I did
First in /etc/conf.d/named i set chroot dir to /var/chroot/bind.
Then
Code: Select all
mkdir /var/chroot
emerge --config =net-dns/bind-9.16.42 ### specify your version.
/etc/init.d/named restart ####in your case systemctl restart named
#### for me it failed here complaining there is no named.conf in chroot.So I did
cp -pa /var/bind/* /var/chroot/bind/var/bind/
cp -pa /etc/bind/* /var/chroot/bind/etc/bind/
/etc/init.d/named restart #### systemctl restart named
###It worked.
Code: Select all
emerge --config =net-dns/bind-9.16.42 ### ignore the error about failing to UNSET CHROOT
/etc/init.d/named restart ####in your case systemctl restart named
reboot
Code: Select all
rm -rf /var/chroot/bind
Here's what had to be done to get it to work with systemd:
Using the original /etc/conf.d/named config, set your chroot directory
Run the emerge config script to populate the chroot directory:
Create 2 new scripts, one to mount the bind mounts, and another to unmount them
bindmount.sh:
bindunmount.sh
modify the systemd unit file "systemctl edit named":
then systemctl daemon-reload
systemctl start named and systemctl stop named should now properly start and stop named, and mount/unmount the directories.
The /etc/init.d/named rc-scripts are doing a few other things and consider addons like geoip, but this is the minimal necessary to get up and running with a base install
Using the original /etc/conf.d/named config, set your chroot directory
Code: Select all
CHROOT="/named"
Code: Select all
emerge --config =net-dns/bind-9.16.42
bindmount.sh:
Code: Select all
#!/bin/bash
_mount() {
from="$1"
to="$2"
# Check if mounted, else mount
if ! mountpoint -q "$to"; then
mount "$from" "$to" -o bind
fi
}
# Mount the directories
_mount "/etc/bind" "/named/etc/bind"
_mount "/var/bind" "/named/var/bind"
_mount "/var/log/named" "/named/var/log/named"
Code: Select all
#!/bin/bash
_unmount() {
mount_point="$1"
# Check if mounted and unmount
if mountpoint -q "$mount_point"; then
umount "$mount_point"
fi
}
# Unmount directories
_unmount "/named/etc/bind"
_unmount "/named/var/bind"
_unmount "/named/var/log/named"
Code: Select all
[Service]
ExecStartPre=
ExecStartPre=/usr/local/bin/bindmount.sh
ExecStartPre=/usr/libexec/generate-rndc-key.sh
ExecStartPre=/usr/sbin/named-checkconf -z /etc/bind/named.conf
ExecStart=
ExecStart=/usr/sbin/named -t /named -u named -f
ExecStop=
ExecStop=/usr/sbin/rndc stop
ExecStopPost=/usr/local/bin/bindunmount.sh
systemctl start named and systemctl stop named should now properly start and stop named, and mount/unmount the directories.
The /etc/init.d/named rc-scripts are doing a few other things and consider addons like geoip, but this is the minimal necessary to get up and running with a base install