Include protocols and services in chrootmaster

2 files changed, 10 insertions, 4 deletions

diff --git a/bind.spec b/bind.spec
index 3a9b750..16db7c8 100644
--- a/bind.spec
+++ b/bind.spec
@@ -1159,6 +1159,7 @@ rm -rf ${RPM_BUILD_ROOT}
 - Include DNSKEY 20326 also in trusted-key.key (#1505476)
 - Fix dynamic symbols conflict with ldap (#1205168)
 - Use hmac-sha256 for new RNDC keys (#1508003)
+- Include protocols and services in chroot
 
 * Wed Aug 02 2017 Petr Menšík <pemensik@redhat.com> - 32:9.11.2-1
 - Update to 9.11.2
diff --git a/setup-named-chroot.sh b/setup-named-chroot.sh
index 097cb2a..44dccff 100755
--- a/setup-named-chroot.sh
+++ b/setup-named-chroot.sh
@@ -1,9 +1,14 @@
 #!/bin/bash
 
-ROOTDIR_MOUNT='/etc/localtime /etc/named /etc/pki/dnssec-keys /etc/named.root.key /etc/named.conf
-/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key
-/usr/lib64/bind /usr/lib/bind /etc/named.iscdlv.key /run/named
-/etc/crypto-policies/back-ends/bind.config /var/named'
+# Warning: the order is important
+# If a directory containing $ROOTDIR is listed here,
+# it MUST be listed last. (/var/named contains /var/named/chroot)
+ROOTDIR_MOUNT='/etc/localtime /etc/named.root.key /etc/named.conf
+/etc/named.rfc1912.zones /etc/rndc.conf /etc/rndc.key /etc/named.iscdlv.key
+/etc/crypto-policies/back-ends/bind.config /etc/protocols /etc/services
+/etc/named.dnssec.keys /etc/pki/dnssec-keys
+/etc/named /usr/lib64/bind /usr/lib/bind /run/named
+/var/named'
 
 usage()
 {