This access can be limited using GRSecurity.

Chris Buxton
Professional Services
Men & Mice

On Apr 1, 2008, at 8:20 AM, Jeff Lightner wrote:
> I'm sorry but doesn't this risk someone getting into your chroot
> environment and changing your SCSI setup or other things which is done
> by echoing things into /proc/scsi/...? If it's really required should
> it be a read only mount? The whole point of chroot is to limit what
> can be accessed if the chroot environment is compromised. Giving direct
> access to something like /proc seems counterintuitive to me.
>
> I feel I'm missing something important here.
>
> -----Original Message-----
> From: bind-users-bounce@isc.org [mailto:bind-users-bounce@isc.org] On
> Behalf Of greg kuechle
> Sent: Tuesday, April 01, 2008 11:09 AM
> To: Adam Tkac
> Cc: bind-users@isc.org
> Subject: Re: Number of CPUs detected by Bind 9.4.2 on 4 CPU system
> running RedHat es 4.
>
> On Tue, Apr 1, 2008 at 6:23 AM, Adam Tkac wrote:
>> On Mon, Mar 31, 2008 at 11:59:10AM -0600, greg kuechle wrote:
>>> Hello,
>>> I have installed bind 9.4.2 on a system with 4 CPUs running RedHat es4. I
>>> compiled named with the --enable-threads and used the -n 4 flag when I
>>> start named.
>>>
>>> Mar 31 10:12:24 ******** named[4897]: starting BIND 9.4.2 -t /opt/named -u named -n 4 -c /etc/named.conf
>>> Mar 31 16:12:24 ******** named[4897]: found 1 CPU, using 4 worker threads
>>>
>>> Before I upgraded the system it was running an older version of named that
>>> comes packaged with the OS.
>>> Here is the output from the logfile.
>>> Mar 24 11:34:13 ******** named[5877]: starting BIND 9.2.4
>>> Mar 24 11:34:13 ******** named[5877]: using 4 CPUs
>>>
>>> Did I compile named wrong?
>>>
>>> Will BIND 9.4.2 use all of the CPUs if I use the -n 4 option at startup?
>>>
>>> It looks like named is only running on one CPU. Will named start using the
>>> other CPUs once one CPU is up to 100% ?
>>>
>>>
>>> Thank you for any help.
>>>
>>
>> I think you forgot to mount the /proc filesystem into the chroot. You can
>> try it again with /proc mounted in the chroot (for example
>> $ mount --bind /proc ${CHROOT}/proc)
>>
>> Adam
>>
>> --
>> Adam Tkac, Red Hat, Inc.
>
>
> Thank you Adam,
>
> That did the trick. I mounted /proc in chroot and restarted named.
> I am still using the -n 4 switch. The log output is:
> Apr 1 14:01:58 dnsserver-1 named[31533]: found 4 CPUs, using 4 worker threads
>
> When I run a ps -ef | grep name I only see one named process running. Is
> this correct ?
> I thought I would see 4 running.
>
> Greg.
>
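
Jeff's question above is whether the /proc mount inside the chroot should be read-only. As an added example (not part of the thread, and not code from BIND or Red Hat), this shell function reads text in /proc/mounts format and reports each procfs mount at or below a chroot directory, and whether it is mounted ro or rw. The /opt/named path is the chroot from the log lines above; /srv/jail and all sample mount lines are constructed.

```shell
#!/bin/sh
# Added example: audit procfs mounts that are visible inside a chroot.
# Input format is that of /proc/mounts:
#   device mountpoint fstype options dump pass

# list_chroot_proc_mounts CHROOT [MOUNTS_FILE]
# Prints "<mountpoint> <ro|rw>" for every procfs mount at or below CHROOT.
list_chroot_proc_mounts() {
    chroot_dir=${1%/}                 # drop a trailing slash, if any
    mounts_file=${2:-/proc/mounts}    # default to the live mount table
    awk -v root="$chroot_dir" '
        $3 == "proc" && ($2 == root || index($2, root "/") == 1) {
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            print $2, mode
        }' "$mounts_file"
}

# count_writable_proc CHROOT [MOUNTS_FILE]
# Prints how many procfs mounts under CHROOT are writable.
count_writable_proc() {
    list_chroot_proc_mounts "$@" | awk '$2 == "rw" { n++ } END { print n + 0 }'
}

# Constructed sample mount table (not taken from any real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
proc /opt/named/proc proc rw 0 0
proc /srv/jail/proc proc ro,nosuid,nodev,noexec 0 0
EOF
}

# When called with arguments, audit the given chroot against the live table
# or against a saved copy:  sh audit.sh /opt/named [mounts-file]
if [ "$#" -gt 0 ]; then
    list_chroot_proc_mounts "$@"
fi
```

A non-zero count from `count_writable_proc` means a process confined to that chroot sees a procfs mount without the read-only flag.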