tag:blogger.com,1999:blog-8404509726009905633.post4221668168023360823..comments2023-10-09T14:15:54.979+03:00Comments on Mind Reference: How to chroot bind9 in DebianAndriy Kornatskyyhttp://www.blogger.com/profile/04890869628175359888noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-8404509726009905633.post-71440922804248614462013-02-02T12:05:06.385+02:002013-02-02T12:05:06.385+02:00good old apparmor eh ...
"apparmor="DEN...good old apparmor eh ... <br />"apparmor="DENIED" operation="open" parent=2528 profile="/usr/sbin/named" name="/var/chroot/bind9/usr/lib/x86_64-linux-gnu/openssl-1.0.0/engines/libgost.so" pid=2529 comm="named" requested_mask="r" denied_mask="r" fsuid=105 ouid=0"<br /><br />something like the following seems to work:<Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-74519358087589270002012-12-15T17:43:03.130+02:002012-12-15T17:43:03.130+02:00On Ubuntu 12.04 LTS 64 bit:
Karel Blumentrit'...On Ubuntu 12.04 LTS 64 bit: <br />Karel Blumentrit's solution reads:<br /><br />mkdir -p /var/chroot/bind9/usr/lib/x86_64-linux-gnu<br />cd /var/chroot/bind9/usr/lib/x86_64-linux-gnu<br />cp -R /usr/lib/x86_64-linux-gnu/openssl-1.0.0 .<br /><br />thank youAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-47296674624402455922012-03-02T10:55:51.848+02:002012-03-02T10:55:51.848+02:00in Wheezy it is the same procedure, but as of vers...in Wheezy it is the same procedure, but as of version 1:9.8.1.df you will get following Error: initializing DST: openssl failure<br /><br />You have do the following:<br /><br />mkdir -p /var/chroot/bind9/usr/lib/i386-linux-gnu<br />cd /var/chroot/bind9/usr/lib/i386-linux-gnu<br />cp -R /var/lib/i386-linux-gnu/openssl-1.0.0 .<br /><br />This is becouse of the DNSSEC Update in the Bind9, after youKarel Blumentrithttps://www.blogger.com/profile/08611073731426018024noreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-77674889396434859142011-08-12T02:40:41.585+03:002011-08-12T02:40:41.585+03:00thanks very much for this blog post, the debian wi...thanks very much for this blog post, the debian wiki page is misleading :/Arnaudhttps://www.blogger.com/profile/09597091265912695302noreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-61279682855587337542011-07-15T11:32:27.186+03:002011-07-15T11:32:27.186+03:00The line echo "$AddUnixListenSocket /var/chro...The line echo "$AddUnixListenSocket /var/chroot/bind9/dev/log" > /etc/rsyslog.d/bind-chroot.conf does not work quite correctly, as it doesn't add $AddUnixListenSocket to the file.<br /><br />If you add a \ before $AddUnixListenSocket it works:<br />echo "\$AddUnixListenSocket /var/chroot/bind9/dev/log" > /etc/rsyslog.d/bind-chroot.conf<br /><br />Otherwise, thank youAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-83735559360652422872011-04-29T05:59:12.229+03:002011-04-29T05:59:12.229+03:00Sencillamente, muchas gracias por compartir tu con...Sencillamente, muchas gracias por compartir tu conocimiento.<br /><br />Silvino Paredes<br />Guadalajara, Jal. MéxicoAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-8404509726009905633.post-83999650615055462102011-03-29T15:22:39.912+03:002011-03-29T15:22:39.912+03:00Thanks, you made my dayThanks, you made my dayAnonymousnoreply@blogger.com