[Unbound-users] UNBOUND on Solaris 10

Ralf Weber unbound at fl1ger.de
Fri Dec 5 21:09:47 UTC 2008


On 05.12.2008, at 17:46, Carl Williams wrote:

> During my installation of UNBOUND on Solaris 10 I must make sure  
> unbound
> Can access entropy from inside the chroot.
> On Linux this is very simple by using:
> mount --bind -n /dev/random /etc/unbound/dev/random
> mount --bind -n /dev/log /etc/unbound/dev/log
> How may I do this on Solaris 10 as I don’t see that Solaris 10 has  
> the –bind option to mount.
Hmm as /dev/random just is a character device mknod should do. Check  
the major and minor numbers before doing this:
$ ls -l /devices/pseudo/random at 0:random
crw-r--r--   1 root     sys      149,  0 Jun  5  2008 /devices/pseudo/ 
random at 0:random
$ ls -l /devices/pseudo/log at 0:log
crw-r-----   1 root     sys       21,  5 Jun  5  2008 /devices/pseudo/ 
log at 0:log
# mknod /etc/unbound/dev/random c 140 0
# mknod /etc/unbound/dev/log c 21 5
I haven't done this though, because I did found it much more  
convenient using the other Solaris security features to secure DNS  
servers. E.g running unbound in a solaris zone which mounts all  
binaries and library read-only, or allowing the user that runs the DNS  
server to bind to port 53, which allows it to run without ever  
becoming root.

  still gives a nice intro to this.

So long
Ralf Weber

More information about the Unbound-users mailing list