cross-posted from: https://infosec.pub/post/15386345
Hi everyone,
This is my Containerfile for Bind9:

```dockerfile
FROM debian
ENV LC_ALL C.UTF-8

# Update and upgrade system
RUN apt-get update -y && apt-get upgrade -y && apt-get dist-upgrade -y

# Install BIND 9 and sudo (for debugging if needed)
RUN apt-get install -y bind9 bind9-dnsutils bind9-libs bind9-utils sudo

# Configure permissions for BIND directories
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind

# Create and configure log files
RUN touch /var/log/bind/default.log /var/log/bind/update_debug.log /var/log/bind/security_info.log /var/log/bind/bind.log
RUN chown -R bind:bind /var/log/bind
RUN chmod 644 /var/log/bind/*.log

# Define volumes
VOLUME ["/etc/bind", "/var/cache/bind", "/var/lib/bind", "/var/log/bind"]

# Set the entrypoint to the named executable
ENTRYPOINT ["/usr/sbin/named"]

# Set the default command arguments for the named executable
CMD ["-g"]
```
I keep getting this error when I run it with podman:
```
26-Jul-2024 03:18:21.328 loading configuration from '/etc/bind/named.conf'
26-Jul-2024 03:18:21.328 directory '/var/cache/bind' is not writable
26-Jul-2024 03:18:21.332 /etc/bind/named.conf.options:2: parsing failed: permission denied
```
As you can see from the Containerfile, the `bind` user should be able to read and write to `/var/cache/bind`, but for some reason it doesn't. I have been at this for a while and I'm at my wits' end. Your help is appreciated!
Is `named` actually running as the `bind` user inside the container? Maybe a `USER bind` line below the `RUN` lines will help.

It should technically do that already, but as extra insurance I'm running it with the `-u bind` flag in `ENTRYPOINT`. The problem was solved with a `chmod 755`.
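Added example (my own, not code from the post or from BIND): a small Python lint that replays the `mkdir`/`chmod` lines of a Containerfile and flags directories left without the owner execute bit, which is why the `664` mode above makes `named` report `/var/cache/bind` as "not writable" while `755` does not. The sample Containerfile text is constructed from the post's lines; `dir_access` and `lint_containerfile` are hypothetical names.

```python
"""Flag chmod lines in a Containerfile that strip the execute bit from
directories created earlier with mkdir. A directory without x cannot be
entered, so a daemon cannot create files in it even when w is set."""
import re
import shlex
import stat

# Constructed sample: the permission-related RUN lines from the post.
SAMPLE_CONTAINERFILE = """\
FROM debian
RUN mkdir -p /var/cache/bind /var/lib/bind /var/log/bind
RUN chown -R bind:bind /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN chmod -R 664 /var/cache/bind /var/lib/bind /var/log/bind
RUN touch /var/log/bind/default.log
RUN chmod 644 /var/log/bind/*.log
"""

def dir_access(mode: int) -> dict:
    """What the owner can do with a directory of this numeric mode:
    x is needed to traverse it, w+x to create files inside it."""
    owner_w = bool(mode & stat.S_IWUSR)
    owner_x = bool(mode & stat.S_IXUSR)
    return {"traverse": owner_x, "create_files": owner_w and owner_x}

def _run_commands(text: str):
    """Yield argv lists for each simple command in RUN lines (split on &&)."""
    for line in text.splitlines():
        if line.startswith("RUN "):
            for cmd in line[4:].split("&&"):
                argv = shlex.split(cmd)
                if argv:
                    yield argv

def lint_containerfile(text: str) -> list:
    """Return (mode, path) findings for chmod calls that leave a directory
    created by an earlier mkdir without owner execute permission."""
    dirs, findings = set(), []
    for argv in _run_commands(text):
        if argv[0] == "mkdir":
            dirs.update(a for a in argv[1:] if not a.startswith("-"))
        elif argv[0] == "chmod":
            args = [a for a in argv[1:] if not a.startswith("-")]
            if not args or not re.fullmatch(r"[0-7]{3,4}", args[0]):
                continue  # symbolic modes such as u+x are out of scope here
            mode = int(args[0], 8)
            for path in args[1:]:
                if path in dirs and not dir_access(mode)["traverse"]:
                    findings.append((args[0], path))
    return findings
```

Running `lint_containerfile(SAMPLE_CONTAINERFILE)` reports all six chmod-on-directory cases; with `755` in place of `664` the list is empty.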