# Additional directories and files can be bind-mounted into chrooted environment
# You may prefer this approach above straight-forward way of copying files as it
# allows to keep a clear list of mounts that can be reviewed and modified at any
# time, to be sure the files are always up-to-date and to allow direct access to
# certain directories and files outside chroot if required.
# 
# A simple example: bind might fail to start with error "no such engine:id=xxxx"
# under some circumstances. Bind uses OpenSSL for DNSSEC. OpenSSL might require
# it's crypto-engines if configured accordingly and it loads it's crypto-engine
# modules after BIND has entered the chroot environment. It looks for it's files
# inside the chroot. We can bind-mount OpenSSL module directory into chroot to
# make sure OpenSSL modules are present.

ROOTDIR_MOUNT='	/usr/lib/openssl-1.0.1m/engines
		/usr/lib64/openssl-1.0.1m/engines'

# Please note that this example suits both i586 and x86_64 environments. Mount
# script skips non-existant files and directories silently. Be careful as it
# skips non-existant mount points the same way. Make sure mount point exists
# when you add your own entries.
#
# It is also generally a good idea to stop named.service before editing the list
# to let helper script release currently active mounts first.

# A more complicated example. Samba 4 and Bind DLZ zones. To be able of reading
# Samba zones Bind requires two things: DLZ module (along with quite a number of
# shared libraries) and direct access to Samba DNS database.
#
# This list is for x86_64 environments - just to keep it short:
#
# ROOTDIR_MOUNT='/etc/samba/smb.conf
# 		/etc/ld.so.conf
#		/etc/ld.so.conf.d
#		/etc/ld.so.cache
#		/usr/lib64/samba
#		/usr/lib64/sasl2
#		/usr/lib64/ldb
#		/usr/lib64/openssl-1.0.1m/engines
#		/usr/lib64/libsamba-hostconfig.so*
#		/usr/lib64/libgensec.so*
#		/usr/lib64/libsamba-util.so*
#		/usr/lib64/libsamba-credentials.so*
#		/usr/lib64/libsamdb.so*
#		/usr/lib64/libldb.so*
#		/usr/lib64/libtalloc.so*
#		/usr/lib64/libndr.so*
#		/usr/lib64/libtevent.so*
#		/usr/lib64/libtevent-util.so*
#		/usr/lib64/libndr-krb5pac.so*
#		/usr/lib64/libgnutls.so*
#		/usr/lib64/libtdb.so*
#		/usr/lib64/libndr-standard.so*
#		/usr/lib64/libndr-nbt.so*
#		/usr/lib64/libp11-kit.so*
#		/usr/lib64/libtasn1.so*
#		/usr/lib64/libnettle.so*
#		/usr/lib64/libhogweed.so*
#		/usr/lib64/libffi.so*
#		/usr/lib64/libdcerpc-binding.so*
#		/usr/lib64/libsmbconf.so*
#		/usr/lib64/libgmp.so*
#		/usr/lib64/libfreebl3.so*
#		/lib64/libpopt.so*
#		/lib64/librt.so*
#		/lib64/libcrypt.so*
#		/lib64/libfreebl3.so*
#		/var/lib/samba/private/dns
#		/var/lib/samba/private/dns.keytab
#		/var/lib/samba/private/sam.ldb.d'
#
# And this one is for i586 environments:
#
# ROOTDIR_MOUNT='/etc/samba/smb.conf
# 		/etc/ld.so.conf
#		/etc/ld.so.conf.d
#		/etc/ld.so.cache
#		/usr/lib/samba
#		/usr/lib/sasl2
#		/usr/lib/ldb
#		/usr/lib/openssl-1.0.1m/engines
#		/usr/lib/libsamba-hostconfig.so*
#		/usr/lib/libgensec.so*
#		/usr/lib/libsamba-util.so*
#		/usr/lib/libsamba-credentials.so*
#		/usr/lib/libsamdb.so*
#		/usr/lib/libldb.so*
#		/usr/lib/libtalloc.so*
#		/usr/lib/libndr.so*
#		/usr/lib/libtevent.so*
#		/usr/lib/libtevent-util.so*
#		/usr/lib/libndr-krb5pac.so*
#		/usr/lib/libgnutls.so*
#		/usr/lib/libtdb.so*
#		/usr/lib/libndr-standard.so*
#		/usr/lib/libndr-nbt.so*
#		/usr/lib/libp11-kit.so*
#		/usr/lib/libtasn1.so*
#		/usr/lib/libnettle.so*
#		/usr/lib/libhogweed.so*
#		/usr/lib/libffi.so*
#		/usr/lib/libdcerpc-binding.so*
#		/usr/lib/libsmbconf.so*
#		/usr/lib/libgmp.so*
#		/usr/lib/libfreebl3.so*
#		/lib/libpopt.so*
#		/lib/librt.so*
#		/lib/libcrypt.so*
#		/lib/libfreebl3.so*
#		/var/lib/samba/private/dns
#		/var/lib/samba/private/dns.keytab
#		/var/lib/samba/private/sam.ldb.d'

# Named chroot directory. Default is "/var/lib/named". It is being provisioned
# by named package and holds utterly minimalistic environment. If you are in
# an unlikely position when you have to keep your own chrooted environment you
# may override this path and adopt helper script for your own needs.
# Normally this variable should be left untouched.
#
# ROOTDIR="/var/lib/named"

