[Bug 196520] [Patch] dns/bind910 rc.d/named auto-chroot reenable

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jan 5 19:21:12 UTC 2015 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196520

            Bug ID: 196520
           Summary: [Patch] dns/bind910 rc.d/named auto-chroot reenable
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: mat at FreeBSD.org
          Reporter: bugzilla.freebsd at omnilan.de
          Assignee: mat at FreeBSD.org
             Flags: maintainer-feedback?(mat at FreeBSD.org)

Created attachment 151361
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=151361&action=edit
auto-chroot merged back from base, mtree follows separately

There was a lot of rumor about auto-chrooting for bind because out-of-the-box
chroot support was removed along with bind from base starting with FreeBSD-10,
see
https://lists.freebsd.org/pipermail/freebsd-stable/2013-December/076028.html

I share the opinion of the majority – it's a significant regression.
So I hacked a quick back-merge from what I appreciated having had in base.
It's meant to change as less as possible, and has been barely tested, but does
work well in my environment.
It's most probably no long term solution, but a quick one for those looking for
the old behaviour we were used up to FreeBSD-10.
All you have to add is
named_chrootdir="/var/named"
to your /etc/rc.conf and make sure the directory you define does exist.

I simply took the old rc.d-script and back-merged the routines with little
matching.
Inside chroot, %%PREFIX%% will be stripped, so your config is in
/var/named/etc/namedb e.g. (not in /var/named/usr/local/etc/namedb!!!)

Feel free to like/dislike/adapt/use/forget it ;-)

For easier reading, I made two patches, especially because I'm unsure if it's a
good idea to install BIND.chroot.dist into %%PREFIX%%/etc/mtree. There are
countless other ways to do it, but like I mentioned, I wanted to make this
addition minimal-invasive in port's perspective.

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer mat at FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list