Date: Thu, 09 Dec 2004 17:36:06 -0800
From: "Andrew D. Clark" <andrew.clark@ucsb.edu>
To: freebsd-questions@freebsd.org
Subject: Re: isc-dhcp3-server chroot behavior
Message-ID: <03A7E69723C92CF418FACA2F@modulus.oit.ucsb.edu>
In-Reply-To: <B7AB4681FBF8712BF64EAA02@localhost.localdomain>
References: <B7AB4681FBF8712BF64EAA02@localhost.localdomain>
Here's a patch to the isc-dhcpd.sh script in /usr/local/etc/rc.d that handles copying a few files out of /etc into the chroot for name resolution and also handles copying a directory of configs to be included (handy if you want to modularize the config): --- isc-dhcpd.sh.orig Fri Dec 3 14:21:50 2004 +++ isc-dhcpd.sh Fri Dec 3 15:39:03 2004 @@ -11,6 +11,19 @@ # dhcpd_enable="YES" # +# ADC - I've made a few changes to this file. +# +# In order for name resolution to work (necessary if you want to use DNS +# names in the config (e.g. fixed-address somehost instead of some IP) +# copy the following out of /etc: host.conf hosts localtime resolv.conf +# +# define a directory containing included config files and copy those +# to the chroot too. Otherwise, the real included configs must live in +# the chroot. This is confusing compared to the behavior of dhcpd.conf, +# which is copied from /usr/local/etc/dhcpd.conf to the chroot at startup +# and the chrooted copy should not be edited (since changes are lost at +# startup) + . /usr/local/etc/rc.subr name=dhcpd @@ -37,6 +50,10 @@ dhcpd_hostname=${dhcpd_hostname:-} # jail hostname dhcpd_ipaddress=${dhcpd_ipaddress:-} # jail ip address +# added by ADC +dhcpd_include_dir=${dhcpd_include_dir:-} # directory containing included + # config files + safe_run () # rc command [args...] { local _rc @@ -409,6 +426,10 @@ _dhcpd_conffile=${dhcpd_rootdir}${dhcpd_conffile} _dhcpd_pidfile=${dhcpd_rootdir}${dhcpd_pidfile} _dhcpd_leasesfile=${dhcpd_rootdir}${dhcpd_leasesfile} + + # + # added by ADC + _dhcpd_include_dir=${dhcpd_rootdir}${dhcpd_include_dir} } setup_compat () 
@@ -450,6 +471,22 @@ safe_copy ${dhcpd_devdir} ${_dhcpd_devdir} fi safe_copy ${dhcpd_conffile} ${_dhcpd_conffile} + + # + # added by ADC - copy files out of /etc for name resolution + # host.conf hosts localtime resolv.conf + safe_mkdir ${_dhcpd_rootdir}/etc + safe_copy /etc/host.conf ${_dhcpd_rootdir}/etc/host.conf + safe_copy /etc/hosts ${_dhcpd_rootdir}/etc/hosts + safe_copy /etc/localtime ${_dhcpd_rootdir}/etc/localtime + safe_copy /etc/resolv.conf ${_dhcpd_rootdir}/etc/resolv.conf + + # + # added by ADC - copy dhcpd_include_dir if defined + if [ -d "${dhcpd_include_dir}" ]; then + safe_mkdir ${_dhcpd_include_dir} + safe_copy ${dhcpd_include_dir} ${_dhcpd_include_dir} + fi fi } --On Friday, December 03, 2004 02:38:41 PM -0800 "Andrew D. Clark" <andrew.clark@ucsb.edu> wrote: > Hello, > > I'm using the chrooted isc-dhcp3-server and I'd like the startup > script to do a few extra things which it does not. In order for name > resolution to work for a chrooted dhcp server, the following files > must be in /etc in the chroot: > > host.conf hosts localtime resolv.conf > > The startup script doesn't handle copying those into the chroot, > though I think it should. Name resolution is handy if one wants to > do something like: > > host somehost { > hardware ethernet blahblah; > fixed-address somehost.somedomain; > } > > instead of using an IP address as the parameter for the fixed-address > argument. > > I'd also like to add a feature to the rc script whereby one can > define a directory containing configs to be included in the > dhcpd.conf to also be copied to the chroot. A large configuration > file is often easier to handle if it is broken up into smaller files > which are included into the dhcpd.conf. If these included files > lived only in the chroot, they'd have to be edited there, which would > be confusing compared to the behavior of the dhcpd.conf in the > chroot, which is copied from /usr/local/etc/dhcpd.conf at startup. 
>
> I'm running isc-dhcp3-server-3.0.1.r14_6
> I'll happily submit a patch against the current rc script which
> implements these features if desired.
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark@ucsb.edu (805) 893-5311

--
Andrew Clark
Campus Network Programmer
Office of Information Technology
University of California, Santa Barbara
andrew.clark@ucsb.edu (805) 893-5311
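Review bot: In the first hunk (@@ -11,6 +11,19 @@) the new header comment never names the rc.conf variable that turns on the include-directory copy, so a reader has to find dhcpd_include_dir in the defaults block further down. Name it in this comment next to the existing dhcpd_enable="YES" line, and close the parenthesis opened at "(necessary if you want to use DNS" so the sentence listing the /etc files reads cleanly.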
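Review bot: In the @@ -409,6 +426,10 @@ hunk, _dhcpd_include_dir is built by joining ${dhcpd_rootdir} and ${dhcpd_include_dir} with no separator and no check, so the empty default from the previous hunk makes it equal to the chroot root, and a relative value would be glued onto the last path component of the root directory. The [ -d "${dhcpd_include_dir}" ] guard in the last hunk keeps the empty case from being used, but it would be safer to assign _dhcpd_include_dir only when dhcpd_include_dir is non-empty and starts with a slash, and to say in the comment that an absolute path is expected.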
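Review bot: In the @@ -450,6 +471,22 @@ hunk the /etc copies build their targets from ${_dhcpd_rootdir}, while the path setup in the @@ -409 hunk derives every chroot path from ${dhcpd_rootdir}; if _dhcpd_rootdir is not assigned elsewhere in the script, these lines turn into safe_mkdir /etc and a copy of each file onto itself. Use the same variable as the neighbouring assignments, or point to where _dhcpd_rootdir is set. The four safe_copy calls are also unconditional, unlike the include-directory copy with its -d test, so the result on a host that lacks one of the files depends on how safe_copy treats a missing source; a [ -f ... ] test per file would make that explicit.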