Maintained by: NLnet Labs

[Unbound-users] UNBOUND on Solaris 10

Ralf Weber
Fri Dec 5 22:09:47 CET 2008


Moin!

On 05.12.2008, at 17:46, Carl Williams wrote:

> During my installation of UNBOUND on Solaris 10 I must make sure unbound
> can access entropy from inside the chroot.
>
> On Linux this is very simple by using:
>
> mount --bind -n /dev/random /etc/unbound/dev/random
> mount --bind -n /dev/log /etc/unbound/dev/log
>
> How may I do this on Solaris 10 as I don’t see that Solaris 10 has
> the --bind option to mount.

Hmm, as /dev/random is just a character device, mknod should do. Check
the major and minor numbers before doing this:

$ ls -l /devices/pseudo/random@0:random
crw-r--r--   1 root     sys      149,  0 Jun  5  2008 /devices/pseudo/random@0:random
$ ls -l /devices/pseudo/log@0:log
crw-r-----   1 root     sys       21,  5 Jun  5  2008 /devices/pseudo/log@0:log
# mknod /etc/unbound/dev/random c 149 0
# mknod /etc/unbound/dev/log c 21 5

I haven't done this though, because I found it much more
convenient to use the other Solaris security features to secure DNS
servers. E.g. running unbound in a Solaris zone which mounts all
binaries and libraries read-only, or allowing the user that runs the DNS
server to bind to port 53, which allows it to run without ever
becoming root.

http://mediacast.sun.com/users/Darren.Moffat/media/solaris10-security.pdf
still gives a nice intro to this.

So long
-Ralf
----
Ralf Weber
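
The "check the major and minor numbers" step from the message above, as an added example that is not part of the original post: a shell helper (the name node_cmds is hypothetical) that derives the mknod, chown and chmod commands for a chroot device node directly from an `ls -l` line, so the numbers and permissions are never retyped by hand. The two sample lines are constructed from the `ls -l` output quoted in the message.

```shell
#!/bin/sh
# Constructed sample input: the two `ls -l` lines quoted in the message.
SAMPLE_RANDOM='crw-r--r--   1 root     sys      149,  0 Jun  5  2008 /devices/pseudo/random@0:random'
SAMPLE_LOG='crw-r-----   1 root     sys       21,  5 Jun  5  2008 /devices/pseudo/log@0:log'

# node_cmds LS_LINE TARGET   (hypothetical helper, not an Unbound or Solaris tool)
# Prints the commands that recreate the device described by LS_LINE at TARGET,
# keeping owner, group and mode. Returns 1 unless LS_LINE describes a
# character device with numeric major and minor numbers.
node_cmds() {
    printf '%s\n' "$1" | awk -v target="$2" '
    function octal(s,    v) {           # "rw-" -> 6, "r--" -> 4, "---" -> 0
        v = 0
        if (substr(s, 1, 1) == "r") v += 4
        if (substr(s, 2, 1) == "w") v += 2
        if (substr(s, 3, 1) == "x") v += 1
        return v
    }
    {
        major = $5; sub(/,$/, "", major)   # ls prints the major as "149,"
        minor = $6
        if ($1 !~ /^c/ || major !~ /^[0-9]+$/ || minor !~ /^[0-9]+$/) exit 1
        mode = octal(substr($1, 2, 3)) octal(substr($1, 5, 3)) octal(substr($1, 8, 3))
        printf "mknod %s c %s %s\n", target, major, minor
        printf "chown %s:%s %s\n", $3, $4, target
        printf "chmod %s %s\n", mode, target
    }'
}

# Print the commands for review; nothing is executed against the system.
node_cmds "$SAMPLE_RANDOM" /etc/unbound/dev/random
node_cmds "$SAMPLE_LOG" /etc/unbound/dev/log
```

The helper only prints commands; on a live system the input line would come from `ls -lL /dev/random`, and the printed commands would be reviewed before being run as root.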