Moin! On 05.12.2008, at 17:46, Carl Williams wrote: > During my installation of UNBOUND on Solaris 10 I must make sure > unbound > Can access entropy from inside the chroot. > > On Linux this is very simple by using: > > mount --bind -n /dev/random /etc/unbound/dev/random > mount --bind -n /dev/log /etc/unbound/dev/log > > How may I do this on Solaris 10 as I don’t see that Solaris 10 has > the –bind option to mount. Hmm as /dev/random just is a character device mknod should do. Check the major and minor numbers before doing this: $ ls -l /devices/pseudo/random at 0:random crw-r--r-- 1 root sys 149, 0 Jun 5 2008 /devices/pseudo/ random at 0:random $ ls -l /devices/pseudo/log at 0:log crw-r----- 1 root sys 21, 5 Jun 5 2008 /devices/pseudo/ log at 0:log # mknod /etc/unbound/dev/random c 140 0 # mknod /etc/unbound/dev/log c 21 5 I haven't done this though, because I did found it much more convenient using the other Solaris security features to secure DNS servers. E.g running unbound in a solaris zone which mounts all binaries and library read-only, or allowing the user that runs the DNS server to bind to port 53, which allows it to run without ever becoming root. http://mediacast.sun.com/users/Darren.Moffat/media/solaris10-security.pdf still gives a nice intro to this. So long -Ralf ---- Ralf Weber