[Unbound-users] UNBOUND on Solaris 10
Ralf Weber
unbound at fl1ger.de
Fri Dec 5 21:09:47 UTC 2008
Moin!
On 05.12.2008, at 17:46, Carl Williams wrote:
> During my installation of UNBOUND on Solaris 10 I must make sure
> unbound can access entropy from inside the chroot.
>
> On Linux this is very simple by using:
>
> mount --bind -n /dev/random /etc/unbound/dev/random
> mount --bind -n /dev/log /etc/unbound/dev/log
>
> How may I do this on Solaris 10 as I don’t see that Solaris 10 has
> the --bind option to mount.
Hmm, as /dev/random is just a character device, mknod should do. Check
the major and minor numbers before doing this:

$ ls -l /devices/pseudo/random@0:random
crw-r--r-- 1 root sys 149, 0 Jun 5 2008 /devices/pseudo/random@0:random
$ ls -l /devices/pseudo/log@0:log
crw-r----- 1 root sys 21, 5 Jun 5 2008 /devices/pseudo/log@0:log
# mknod /etc/unbound/dev/random c 149 0
# mknod /etc/unbound/dev/log c 21 5

I haven't done this though, because I found it much more
convenient to use the other Solaris security features to secure DNS
servers. E.g. running unbound in a Solaris zone which mounts all
binaries and libraries read-only, or allowing the user that runs the DNS
server to bind to port 53, which allows it to run without ever
becoming root.
http://mediacast.sun.com/users/Darren.Moffat/media/solaris10-security.pdf
still gives a nice intro to this.
So long
-Ralf
----
Ralf Weber
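
An added example, not part of the original message: a shell helper that derives the mknod arguments from an ls -l line for the source device instead of typing the major and minor numbers by hand, and that compares two listings after the node has been created. The function names devnums, mknod_cmd and same_device are hypothetical; the sample lines are the ls output quoted in the post, and the script only prints the commands.

```shell
#!/bin/sh
# Added example: build mknod commands for a chroot from `ls -l` output.
# Set AWK=nawk on Solaris 10, where /usr/bin/awk is the old awk without gsub().

# devnums: read one `ls -l` line on stdin, print "MAJOR MINOR".
# Fails unless the line describes a character device with decimal numbers.
devnums() {
    "${AWK:-awk}" '{
        gsub(/,/, " ")      # "149, 0" and "149,0" both split into two fields
        if (substr($1, 1, 1) == "c" && $5 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/) {
            print $5, $6
            found = 1
        }
        exit
    }
    END { exit !found }'
}

# mknod_cmd LS_LINE DEST: print the mknod command that recreates the
# device described by LS_LINE at path DEST.
mknod_cmd() {
    nums=$(printf '%s\n' "$1" | devnums) || return 1
    printf 'mknod %s c %s\n' "$2" "$nums"
}

# same_device LS_LINE_A LS_LINE_B: succeed only if both listings carry the
# same major/minor pair. Run it on the original and on the new node.
same_device() {
    a=$(printf '%s\n' "$1" | devnums) || return 1
    b=$(printf '%s\n' "$2" | devnums) || return 1
    [ "$a" = "$b" ]
}

# Sample input: the two ls -l lines shown in the post.
SRC_RANDOM='crw-r--r-- 1 root sys 149, 0 Jun 5 2008 /devices/pseudo/random@0:random'
SRC_LOG='crw-r----- 1 root sys 21, 5 Jun 5 2008 /devices/pseudo/log@0:log'

# Dry run: print the commands rather than executing them.
mknod_cmd "$SRC_RANDOM" /etc/unbound/dev/random
mknod_cmd "$SRC_LOG" /etc/unbound/dev/log
```

On a real host, feed mknod_cmd the live `ls -l` output and run the printed commands as root, then pass `ls -l` of the new node and of the original to same_device.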