NetBSD Problem Report #30420

From christos@zoulas.com  Fri Jun  3 20:19:11 2005
Return-Path: <christos@zoulas.com>
Received: from quasar.astron.com (cpe-68-175-70-103.nyc.res.rr.com [68.175.70.103])
	by narn.netbsd.org (Postfix) with ESMTP id 24E8A63B104
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  3 Jun 2005 20:19:11 +0000 (UTC)
Message-Id: <20050603201910.1AD5F52F9@quasar.astron.com>
Date: Fri,  3 Jun 2005 16:19:10 -0400 (EDT)
From: christos@netbsd.org
Reply-To: christos@netbsd.org
To: gnats-bugs@netbsd.org
Subject: chrooted named does not work out of the box.
X-Send-Pr-Version: 3.95

>Number:         30420
>Category:       bin
>Synopsis:       chrooted named does not work out of the box.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 03 20:20:00 +0000 2005
>Last-Modified:  Wed Aug 31 16:45:00 +0000 2005
>Originator:     Christos Zoulas
>Release:        NetBSD 3.99.5
>Organization:
	What day is it today?
>Environment:
System: NetBSD quasar.astron.com 3.99.5 NetBSD 3.99.5 (QUASAR) #3: Sun May 29 16:47:58 EDT 2005 christos@quasar.astron.com:/usr/src/sys/arch/i386/compile/QUASAR i386
Architecture: i386
Machine: i386
>Description:
	It would be nice if adding named=YES named_chrootdir=/var/chroot/named
	worked without user intervention. The named script tries, but it
	does not complete the job.

>How-To-Repeat:
	add named=YES and named_chrootdir=/var/chroot/named in /etc/rc.conf
	and start named on a freshly built system. Look in /var/log/messages.
>Fix:
	This patch copies the skeleton files and makes a symlink to a
	default named.conf (both in the chrooted and non-chrooted case).
	This way named works out of the box.

Index: named
===================================================================
RCS file: /cvsroot/src/etc/rc.d/named,v
retrieving revision 1.15
diff -u -u -r1.15 named
--- named	17 Mar 2005 18:44:09 -0000	1.15
+++ named	3 Jun 2005 20:15:28 -0000
@@ -58,6 +58,19 @@
 		fi
 	done

+	if [ -d /etc/namedb ]; then
+		(cd /etc/namedb && for i in *; do
+			j=${named_chrootdir}/etc/namedb/$i
+			if [ ! -r $j ]; then
+				cp -rp $i $j
+			fi
+		done)
+	fi
+	if [ \( ! -r ${named_chrootdir}/etc/named.conf \) -a \
+	    \( -r ${named_chrootdir}/etc/namedb/named.conf \) ]; then
+		ln -s namedb/named.conf ${named_chrootdir}/etc
+	fi
+
 	if [ -f /etc/localtime ]; then
 		cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
 		    cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
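Review bot: `$i` and `$j` are unquoted in `if [ ! -r $j ]` and `cp -rp $i $j`, and `-r` is the historic spelling of `-R` whose handling of symlinks and special files is implementation-defined; quote both and use `cp -Rp "$i" "$j"`. The `! -r $j` guard also means each entry is copied once and never refreshed, so later changes to the skeleton in /etc/namedb never reach the chroot, unlike the `cmp -s ... || cp -p` idiom used for /etc/localtime directly below; the same idiom would keep the regular files in sync. In the non-chroot case (`named_chrootdir` empty) `$j` expands to `/etc/namedb/$i`, which is the source itself, so the copy loop only makes sense when `named_chrootdir` is set and could be skipped otherwise.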

>Audit-Trail:
From: YOMURA Masanori <m4nb@biff.mail-box.ne.jp>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 23:47:41 +0900

 Current chrooted named (rc.d/named revision 1.17) fails file migration.

 I tried to invoke named with chrootdir:
  rc.conf:
  named=YES
  named_chrootdir="/var/chroot/named"

 but it fails:
  # /etc/rc.d/named start
  Starting named.
  # pgrep named
  #
 log:
  named[1498]: starting BIND 9.3.0 -u named -t /var/chroot/named
  named[1498]: found 1 CPU, using 1 worker thread
  named[1498]: loading configuration from '/etc/named.conf'
  named[1498]: none:0: open: /etc/named.conf: file not found
  named[1498]: loading configuration: file not found
  named[1498]: exiting (due to fatal error)

 because the migration process creates files with bad pathnames.
 (e.g. namedbnamed.conf, rather than namedb/named.conf)
  % ls /var/chroot/named/etc/
  localtime           namedb127           namedbloopback.v6   namedbroot.cache
  namedb/             namedblocalhost     namedbnamed.conf

 How-to-Fix:
 Add '/' after $dst in named_migrate function.

 Misc:
 After this migration, /etc/security complains...
  Checking special files and directories.
  etc/namedb: 
          type (dir, link)
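The failure described in this reply (skeleton files landing as namedb<name> next to the namedb directory instead of inside it), as an added shell example that is not part of the PR or of NetBSD's rc.d/named; the function names, the scratch directories and the skeleton file contents are constructed for the demonstration, and the migration step is written with the trailing "/" the reply asks for:

```shell
#!/bin/sh
# Added example, not the rc.d/named script from the PR: populate a named
# chroot from a skeleton directory and check the result for the stray
# "namedb<name>" entries the report shows. All names and file contents
# below are constructed for the demonstration.

# make_skeleton DIR: constructed stand-in for /etc/namedb.
make_skeleton() {
    mkdir -p "$1" || return 1
    printf 'options { directory "/etc/namedb"; };\n' > "$1/named.conf"
    for z in 127 localhost loopback.v6 root.cache; do
        printf '; constructed placeholder for zone file %s\n' "$z" > "$1/$z"
    done
}

# migrate_files SRC DST: copy each entry of SRC to "$DST$name".
# DST must end in "/"; passing ".../etc/namedb" without the slash joins
# the names into ".../etc/namedbnamed.conf" exactly as reported above.
migrate_files() {
    src=$1; dst=$2
    for i in "$src"/*; do
        [ -e "$i" ] || continue        # empty SRC leaves the glob unexpanded
        name=${i##*/}
        if [ ! -e "$dst$name" ]; then  # never clobber an existing copy
            cp -Rp "$i" "$dst$name" || return 1
        fi
    done
}

# populate_chroot SRC CHROOT: copy the skeleton into CHROOT/etc/namedb/
# and link CHROOT/etc/named.conf -> namedb/named.conf. The link target is
# relative on purpose: named runs with "-t CHROOT", so an absolute
# /var/chroot/... target would not resolve inside the chroot.
populate_chroot() {
    src=$1; chroot=$2
    mkdir -p "$chroot/etc/namedb" || return 1
    migrate_files "$src" "$chroot/etc/namedb/" || return 1
    if [ ! -e "$chroot/etc/named.conf" ] && [ -r "$chroot/etc/namedb/named.conf" ]; then
        ln -s namedb/named.conf "$chroot/etc/named.conf" || return 1
    fi
}

# check_chroot CHROOT: 0 when named.conf resolves inside the chroot and no
# "namedb<name>" entries sit next to the namedb directory.
check_chroot() {
    [ -r "$1/etc/named.conf" ] || return 1
    for f in "$1"/etc/namedb?*; do
        [ -e "$f" ] && return 1
    done
    return 0
}

# Stand-alone run in a scratch directory.
work=$(mktemp -d) || exit 1
make_skeleton "$work/skel"
if populate_chroot "$work/skel" "$work/chroot" && check_chroot "$work/chroot"; then
    echo "chroot layout ok"
else
    echo "chroot layout broken"
fi
rm -rf "$work"
```

Calling migrate_files with a destination that lacks the trailing slash reproduces the listing in the reply (namedb127, namedbnamed.conf, ...), and check_chroot then fails because the chroot's named.conf link has nothing to point at, which is the "file not found" named logs above.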

From: List Mail User <track@Plectere.com>
To: gnats-bugs@NetBSD.org
Cc: track@Plectere.com
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 09:44:01 -0700 (PDT)

 	Is the entire "migration" process any improvement over using
 symlinks in /etc?  Using symlinks allows editing the historic paths
 and then a "traditional" "kill -s HUP" on the daemons to work.  This method
 applies to this PR and generally to all "chroot"'d daemons.  It also
 has the benefit of saving filesystem space (assuming the symlinks are
 smaller than the files themselves) particularly for embedded systems
 and avoiding writes when using non-disk media (e.g. CF cards, etc.).

 	Examples:

 % ls -ls /etc/named* /etc/rndc.key /etc/ntp.conf
 0 lrwxr-xr-x  1 root  wheel  17 Jan 31  2005 /etc/named.conf -> namedb/named.conf
 0 lrwxr-xr-x  1 root  wheel  28 Jan 26  2002 /etc/namedb -> /var/chroot/named/etc/namedb
 0 lrwxr-xr-x  1 root  wheel  29 Aug 31 09:42 /etc/ntp.conf -> /var/chroot/ntpd/etc/ntp.conf
 0 lrwxr-xr-x  1 root  wheel  30 Jun 24  2004 /etc/rndc.key -> /var/chroot/named/etc/rndc.key


 	Paul Shupak
 	track@plectere.com
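The symlink layout shown in this reply, as an added shell example that is not part of the PR or of NetBSD's rc.d scripts: it builds the links under a scratch ROOT that stands in for "/" so it runs unprivileged, and checks that the historic host path and the path named sees inside the chroot reach the same file. Function names and file contents are constructed:

```shell
#!/bin/sh
# Added example, not NetBSD's rc.d script: the "symlinks in /etc" layout
# from the reply above, built under a scratch ROOT that stands in for "/"
# so it runs unprivileged. Paths and contents are constructed.

# link_host_etc ROOT CHROOT
#   ROOT/etc/namedb       -> CHROOT/etc/namedb   (absolute; host side only)
#   ROOT/etc/named.conf   -> namedb/named.conf   (relative; resolves on the
#                            host through the directory link above)
#   CHROOT/etc/named.conf -> namedb/named.conf   (the same relative link,
#                            which is all a process under "-t CHROOT" can see)
link_host_etc() {
    root=$1; chroot=$2
    mkdir -p "$root/etc" "$chroot/etc/namedb" || return 1
    ln -s "$chroot/etc/namedb" "$root/etc/namedb" || return 1
    ln -s namedb/named.conf "$root/etc/named.conf" || return 1
    ln -s namedb/named.conf "$chroot/etc/named.conf" || return 1
}

# same_file A B: 0 when both names resolve to one file, so an edit made
# through the historic host path is what the daemon re-reads on SIGHUP.
# (-ef is not in POSIX but is supported by NetBSD sh, bash and dash.)
same_file() {
    [ "$1" -ef "$2" ]
}

# Stand-alone run: create the config inside the chroot, edit it through the
# host path, and confirm both paths name the same file.
work=$(mktemp -d) || exit 1
link_host_etc "$work/root" "$work/chroot"
printf 'options { directory "/etc/namedb"; };\n' > "$work/chroot/etc/namedb/named.conf"
printf '// edited via the host path\n' >> "$work/root/etc/named.conf"
if same_file "$work/root/etc/named.conf" "$work/chroot/etc/named.conf"; then
    echo "host and chroot paths reach the same named.conf"
fi
rm -rf "$work"
```

The relative target namedb/named.conf is what makes one link text work in both views: on the host it passes through the /etc/namedb directory link into the chroot, and inside the chroot it resolves directly, so nothing needs to be copied or kept in sync.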
