From owner-FreeBSD-users-jp@jp.freebsd.org  Fri Dec  1 11:42:44 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id LAA47136;
	Fri, 1 Dec 2000 11:42:44 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ukulele.tokyo-club.com (ukulele.tokyo-club.com [210.249.81.228])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id LAA47129
	for <FreeBSD-users-jp@jp.freebsd.org>; Fri, 1 Dec 2000 11:42:40 +0900 (JST)
	(envelope-from ml@tokyo-club.com)
Received: (qmail 3115 invoked from network); 1 Dec 2000 11:42:36 +0900
Received: from unknown (HELO mandolin) (210.249.81.226)
  by ukulele.tokyo-club.com with SMTP; 1 Dec 2000 11:42:36 +0900
Date: Fri, 01 Dec 2000 11:38:21 +0900
From: Takeshi Nishioka <ml@tokyo-club.com>
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <3A2704591D1.8045S_TATSUNO@172.20.1.18>
References: <20001201101756.FD5A.ML@tokyo-club.com> <3A2704591D1.8045S_TATSUNO@172.20.1.18>
Message-Id: <20001201111913.FCEE.ML@tokyo-club.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.00
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: FreeBSD-users-jp 57168
Subject: [FreeBSD-users-jp 57168] Re: sandbox, in the case of BIND
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ml@tokyo-club.com

Kato-san, Une-san, thank you very much. It seems I did not search
enough, and I am sorry about that.

I have now read the sandbox explanation you pointed me to many times and
am trying to understand the example of the sandbox in BIND, but I am
having a hard time understanding it properly.

> UNIX $B$O(B, $BFbItE*$KFs$D$N:=>l(B(sandbox)$B$r<BAu$7$F$$$^$9(B. 

is what the FAQ says. For the first of these, to make BIND "a process
enclosed by virtual 'walls'", does it become a sandbox environment only
when BIND is run as a user other than root (in this case, user BIND,
group BIND)?

> $B$5$i$K(B /etc/namedb $B$K(B chroot $B$5$;$k$HM7$Y$^$9!#;qNA$,$<$s$<$s$J$/$F!"2TF/(B
> $BCf$N(B named $B$7$+6a$/$K$J$+$C$?$N$G!"$"$^$j<B83$G$-$^$;$s$G$7$?$,!&!&!&(B

Also, when BIND is run under a chrooted directory, does it become the
second kind, "a process executed inside a simulated machine"?

/etc/named/named.conf contains the line

// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).

With my poor English, I am not confident how I should understand this
sentence. Is it the case that the understanding that BIND runs in a
sandbox environment even without chroot, or without running it with BIND
privileges, is mistaken, and that BIND runs in a sandbox environment
only when it is run under the two environments above, and that doing so
is also what is recommended from a security standpoint?
