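#!/bin/bash
#
# setup-named-chroot.sh - bind-mount the BIND configuration into (on) or out
# of (off) a chroot tree.
#
# Usage: setup-named-chroot.sh ROOTDIR [on|off]
#
# Every path in the lists below is bind-mounted at ROOTDIR<path>.  The *_RO_*
# lists are remounted read-only inside the chroot, the *_RW_* lists stay
# writable.  The lists are whitespace-separated strings (not arrays) so that
# /etc/sysconfig/named can override them with plain assignments.
#
# Must run as root: mount(8) and umount(8) need privileges.

DIR_RO_SOURCES='/etc/named'
DIR_RW_SOURCES='/var/named'
FILE_RO_SOURCES='/etc/pki/dnssec-keys /etc/named.conf /etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.key /etc/named.iscdlv.key /etc/named.root.key'
FILE_RW_SOURCES=''

# Library directories differ between the 64-bit and 32-bit multilib layouts.
if [ "$(uname -m)" = 'x86_64' ]; then
  DIR_RO_SOURCES="$DIR_RO_SOURCES /usr/lib64/bind /usr/lib64/openssl"
else
  DIR_RO_SOURCES="$DIR_RO_SOURCES /usr/lib/bind /usr/lib/openssl"
fi

# Allow the lists above to be overridden.  The file is executed as shell code
# with this script's (root) privileges, so it must be writable by root only.
if [ -f /etc/sysconfig/named ]; then
  # shellcheck disable=SC1091
  . /etc/sysconfig/named
fi

#######################################
# Print the usage text to stderr.
#######################################
usage() {
  printf '\n' >&2
  printf '%s\n' 'This script setups chroot environment for BIND' >&2
  printf '%s\n' 'Usage: setup-named-chroot.sh ROOTDIR [on|off]' >&2
}

#######################################
# Print a diagnostic, prefixed with the script name, to stderr.
# Arguments: message words
#######################################
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

#######################################
# Split a whitespace-separated list into an array.
# An unquoted $list in a for loop would also undergo pathname expansion;
# read(1) does not glob.  "-d ''" reads up to EOF so newlines in the list
# (e.g. a multi-line sysconfig value) still act as separators via IFS.
# Arguments: $1 - the list string
# Outputs:   sets the global array SPLIT_WORDS
#######################################
split_list() {
  SPLIT_WORDS=()
  read -r -d '' -a SPLIT_WORDS <<<"$1" || true
}

#######################################
# Test whether a directory has no entries at all (dotfiles included).
# Arguments: $1 - directory path
# Returns:   0 if empty, 1 otherwise
#######################################
dir_is_empty() {
  local entry
  for entry in "$1"/* "$1"/.[!.]* "$1"/..?*; do
    # Without nullglob an unmatched pattern stays literal; -e/-L reject it
    # (-L keeps a dangling symlink counting as an entry).
    if [ -e "$entry" ] || [ -L "$entry" ]; then
      return 1
    fi
  done
  return 0
}

#######################################
# Bind-mount a source on a target, optionally read-only.
# The read-only flag is applied by a second remount step because a single
# "-o bind,ro" is not honoured by older mount(8)/kernel combinations.
# Arguments: $1 - source path
#            $2 - target path (inside ROOTDIR)
#            $3 - "ro" or "rw"
# Returns:   mount(8) status
#######################################
bind_mount() {
  local source=$1 target=$2 mode=$3
  mount --bind "$source" "$target" || return 1
  if [ "$mode" = 'ro' ]; then
    mount -o remount,ro,bind "$source" "$target"
  fi
}

#######################################
# Bind-mount each regular file of a list into ROOTDIR.
# Globals:   ROOTDIR (read), SPLIT_WORDS (written)
# Arguments: $1 - "ro" or "rw"
#            $2 - whitespace-separated list of source files
#######################################
mount_chroot_files() {
  local mode=$1 source target
  split_list "$2"
  for source in "${SPLIT_WORDS[@]}"; do
    # skip if source does not exist
    [ -f "$source" ] || continue
    target=$ROOTDIR$source
    # skip if target exists and is not empty: something is already mounted
    # (or copied) there and must not be shadowed by a second bind mount
    [ -s "$target" ] && continue
    # a file bind mount needs an existing file as its mount point
    if ! touch -- "$target"; then
      warn "cannot create mount point $target"
      continue
    fi
    bind_mount "$source" "$target" "$mode" || warn "cannot mount $source on $target"
  done
}

#######################################
# Bind-mount each directory of a list into ROOTDIR.
# Globals:   ROOTDIR (read), SPLIT_WORDS (written)
# Arguments: $1 - "ro" or "rw"
#            $2 - whitespace-separated list of source directories
#######################################
mount_chroot_dirs() {
  local mode=$1 source target
  split_list "$2"
  for source in "${SPLIT_WORDS[@]}"; do
    # skip if source does not exist
    [ -d "$source" ] || continue
    target=$ROOTDIR$source
    # the chroot skeleton is expected to provide the mount point
    if [ ! -d "$target" ]; then
      warn "mount point $target does not exist, skipping"
      continue
    fi
    # skip if target is not empty: already mounted or populated
    dir_is_empty "$target" || continue
    bind_mount "$source" "$target" "$mode" || warn "cannot mount $source on $target"
  done
}

#######################################
# Mount everything into the chroot, in the original order:
# read-only files, writable files, read-only dirs, writable dirs.
# Globals:   FILE_RO_SOURCES FILE_RW_SOURCES DIR_RO_SOURCES DIR_RW_SOURCES
#######################################
mount_chroot_conf() {
  mount_chroot_files ro "$FILE_RO_SOURCES"
  mount_chroot_files rw "$FILE_RW_SOURCES"
  mount_chroot_dirs ro "$DIR_RO_SOURCES"
  mount_chroot_dirs rw "$DIR_RW_SOURCES"
}

#######################################
# Unmount everything mount_chroot_conf may have mounted and remove the
# temporary files created as file mount points.  FILE_RW_SOURCES is
# included so writable file mounts are released as well.
# Globals:   ROOTDIR (read), the four *_SOURCES lists, SPLIT_WORDS (written)
#######################################
umount_chroot_conf() {
  local source target
  split_list "$DIR_RO_SOURCES $DIR_RW_SOURCES $FILE_RO_SOURCES $FILE_RW_SOURCES"
  for source in "${SPLIT_WORDS[@]}"; do
    target=$ROOTDIR$source
    # Check if the target is a mount point.  Do not use /proc/mounts because
    # detecting of modified mounted files can fail.  Match as a fixed string
    # so characters in the path are not interpreted as a regex.
    if mount | grep -q -F -- " on $target "; then
      if umount "$target"; then
        # Remove temporarily created files (mount points of file bind mounts)
        [ -f "$source" ] && rm -f -- "$target"
      else
        warn "cannot unmount $target"
      fi
    fi
  done
}

#######################################
# Entry point: validate arguments, then mount or unmount.
# Globals:   ROOTDIR (written)
# Arguments: $1 - chroot root directory
#            $2 - "on" or "off"
# Returns:   exits 0 on success, 1 on usage error
#######################################
main() {
  if [ "$#" -ne 2 ]; then
    printf '%s\n' 'Wrong number of arguments' >&2
    usage
    exit 1
  fi

  # ROOTDIR is global: every mount target is derived from it.
  # NOTE(review): touch/mount/rm follow symlinks below ROOTDIR, so the chroot
  # tree should be owned by root and not writable by the service user.
  ROOTDIR=$1

  # Exit if ROOTDIR isn't defined
  if [ -z "$ROOTDIR" ]; then
    printf '%s\n' 'Root directory not defined' >&2
    usage
    exit 1
  fi

  # Exit if ROOTDIR doesn't exist
  if [ ! -d "$ROOTDIR" ]; then
    printf '%s\n' "Root directory $ROOTDIR doesn't exist" >&2
    usage
    exit 1
  fi

  case "$2" in
    on)
      mount_chroot_conf
      ;;
    off)
      umount_chroot_conf
      ;;
    *)
      printf '%s\n' 'Second argument has to be "on" or "off"' >&2
      usage
      exit 1
      ;;
  esac
  exit 0
}

main "$@"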