NetBSD Problem Report #30420
From christos@zoulas.com Fri Jun 3 20:19:11 2005
Return-Path: <christos@zoulas.com>
Received: from quasar.astron.com (cpe-68-175-70-103.nyc.res.rr.com [68.175.70.103])
by narn.netbsd.org (Postfix) with ESMTP id 24E8A63B104
for <gnats-bugs@gnats.NetBSD.org>; Fri, 3 Jun 2005 20:19:11 +0000 (UTC)
Message-Id: <20050603201910.1AD5F52F9@quasar.astron.com>
Date: Fri, 3 Jun 2005 16:19:10 -0400 (EDT)
From: christos@netbsd.org
Reply-To: christos@netbsd.org
To: gnats-bugs@netbsd.org
Subject: chrooted named does not work out of the box.
X-Send-Pr-Version: 3.95
>Number: 30420
>Category: bin
>Synopsis: chrooted named does not work out of the box.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Jun 03 20:20:00 +0000 2005
>Last-Modified: Wed Aug 31 16:45:00 +0000 2005
>Originator: Christos Zoulas
>Release: NetBSD 3.99.5
>Organization:
What day is it today?
>Environment:
System: NetBSD quasar.astron.com 3.99.5 NetBSD 3.99.5 (QUASAR) #3: Sun May 29 16:47:58 EDT 2005 christos@quasar.astron.com:/usr/src/sys/arch/i386/compile/QUASAR i386
Architecture: i386
Machine: i386
>Description:
It would be nice if adding named=YES named_chrootdir=/var/chroot/named
worked without user intervention. The named script tries, but it
does not complete the job.
>How-To-Repeat:
add named=YES and named_chrootdir=/var/chroot/named in /etc/rc.conf
and start named on a freshly built system. Look in /var/log/messages.
>Fix:
This patch copies the skeleton files and makes a symlink to a
default named.conf (both in the chrooted and non-chrooted case).
This way named works out of the box.
Index: named
===================================================================
RCS file: /cvsroot/src/etc/rc.d/named,v
retrieving revision 1.15
diff -u -u -r1.15 named
--- named 17 Mar 2005 18:44:09 -0000 1.15
+++ named 3 Jun 2005 20:15:28 -0000
@@ -58,6 +58,19 @@
fi
done
+ if [ -d /etc/namedb ]; then
+ (cd /etc/namedb && for i in *; do
+ j=${named_chrootdir}/etc/namedb/$i
+ if [ ! -r $j ]; then
+ cp -rp $i $j
+ fi
+ done)
+ fi
+ if [ \( ! -r ${named_chrootdir}/etc/named.conf \) -a \
+ \( -r ${named_chrootdir}/etc/namedb/named.conf \) ]; then
+ ln -s namedb/named.conf ${named_chrootdir}/etc
+ fi
+
if [ -f /etc/localtime ]; then
cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
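Review bot: the copy loop at `for i in *; do` / `cp -rp $i $j` leaves `$i` and `$j` unquoted and does not handle an empty /etc/namedb, where the glob stays a literal `*` and `cp -rp '*' ${named_chrootdir}/etc/namedb/*` fails on every start; guard the body with `[ -e "$i" ] || continue` and quote both expansions. The `[ ! -r $j ]` test is also true for a dangling symlink at `$j`, so the root-run `cp` would open the path for writing and follow the link; testing `-e`/`-L` (or skipping links outright) avoids that. Nothing in the hunk creates ${named_chrootdir}/etc/namedb, so the comment above the loop should state that the directory loop earlier in the script is expected to have made it.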
>Audit-Trail:
From: YOMURA Masanori <m4nb@biff.mail-box.ne.jp>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 23:47:41 +0900
Current chrooted named (rc.d/named revision 1.17) fails file migration.
I tried to invoke named with chrootdir:
rc.conf:
named=YES
named_chrootdir="/var/chroot/named"
but it fails:
# /etc/rc.d/named start
Starting named.
# pgrep named
#
log:
named[1498]: starting BIND 9.3.0 -u named -t /var/chroot/named
named[1498]: found 1 CPU, using 1 worker thread
named[1498]: loading configuration from '/etc/named.conf'
named[1498]: none:0: open: /etc/named.conf: file not found
named[1498]: loading configuration: file not found
named[1498]: exiting (due to fatal error)
because the migration process creates files with bad pathnames
(e.g. namedbnamed.conf rather than namedb/named.conf).
% ls /var/chroot/named/etc/
localtime namedb127 namedbloopback.v6 namedbroot.cache
namedb/ namedblocalhost namedbnamed.conf
How-to-Fix:
Add '/' after $dst in named_migrate function.
Misc:
After this migration, /etc/security complains...
Checking special files and directories.
etc/namedb:
type (dir, link)
From: List Mail User <track@Plectere.com>
To: gnats-bugs@NetBSD.org
Cc: track@Plectere.com
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 09:44:01 -0700 (PDT)
Is the entire "migration" process any improvement over using
symlinks in /etc? Using symlinks allows editing the historic paths,
after which a "traditional" "kill -s HUP" on the daemons works. This method
applies to this PR and generally to all "chroot"'d daemons. It also
has the benefit of saving filesystem space (assuming the symlinks are
smaller than the files themselves), particularly for embedded systems,
and of avoiding writes when using non-disk media (e.g. CF cards, etc.).
Examples:
% ls -ls /etc/named* /etc/rndc.key /etc/ntp.conf
0 lrwxr-xr-x 1 root wheel 17 Jan 31 2005 /etc/named.conf -> namedb/named.conf
0 lrwxr-xr-x 1 root wheel 28 Jan 26 2002 /etc/namedb -> /var/chroot/named/etc/namedb
0 lrwxr-xr-x 1 root wheel 29 Aug 31 09:42 /etc/ntp.conf -> /var/chroot/ntpd/etc/ntp.conf
0 lrwxr-xr-x 1 root wheel 30 Jun 24 2004 /etc/rndc.key -> /var/chroot/named/etc/rndc.key
Paul Shupak
track@plectere.com
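The chroot population that the patch in the Fix section attempts, together with the two points raised in the follow-ups (the revision 1.17 migration joining the destination directory without a "/", giving names like namedbnamed.conf, and Paul Shupak's symlinks-in-/etc layout), as an added shell example. This is not NetBSD's /etc/rc.d/named, and the named_migrate function from revision 1.17 is not shown on this page; the function names populate_named_chroot, link_etc_to_chroot and check_chroot_layout are this example's own, and every path is a parameter so the functions can be exercised against a scratch directory instead of the real /etc and /var/chroot/named.

```shell
#!/bin/sh
# Added example, not NetBSD's /etc/rc.d/named.  Populates a BIND chroot from a
# skeleton directory, points the historic /etc paths at the chroot copies, and
# checks the result for the flattened "namedbnamed.conf" layout.
# Function names and the parameterised paths are this example's own.
set -u

# populate_named_chroot SKELETON CHROOT
# Copy every entry of SKELETON (normally /etc/namedb) into CHROOT/etc/namedb
# unless something is already there, then link CHROOT/etc/named.conf ->
# namedb/named.conf so "named -t CHROOT" finds /etc/named.conf.  The
# destination is always joined with an explicit "/", so a missing trailing
# slash cannot produce names like "namedbnamed.conf".
populate_named_chroot() {
    skel=$1
    root=$2
    dst="$root/etc/namedb"
    mkdir -p "$dst" || return 1
    for i in "$skel"/*; do
        # an empty skeleton leaves the glob unexpanded: never copy a literal "*"
        [ -e "$i" ] || continue
        j="$dst/${i##*/}"
        # -e is false for a dangling symlink; test -L too so that a planted
        # link is never written through by this (root-run) copy
        if [ -e "$j" ] || [ -L "$j" ]; then
            continue
        fi
        cp -Rp "$i" "$j" || return 1
    done
    if [ ! -e "$root/etc/named.conf" ] && [ ! -L "$root/etc/named.conf" ] \
        && [ -f "$dst/named.conf" ]; then
        ln -s namedb/named.conf "$root/etc/named.conf" || return 1
    fi
    return 0
}

# link_etc_to_chroot ETC CHROOT
# The symlink layout from the follow-up: ETC/namedb -> CHROOT/etc/namedb,
# ETC/named.conf -> namedb/named.conf, and ETC/rndc.key -> the chroot copy
# when one exists, so editing the historic paths edits the live files and a
# SIGHUP or rndc reload sees the change.  Existing entries are left alone;
# this must never remove a real /etc/namedb.
link_etc_to_chroot() {
    etc=$1
    root=$2
    if [ ! -e "$etc/namedb" ] && [ ! -L "$etc/namedb" ]; then
        ln -s "$root/etc/namedb" "$etc/namedb" || return 1
    fi
    if [ ! -e "$etc/named.conf" ] && [ ! -L "$etc/named.conf" ]; then
        ln -s namedb/named.conf "$etc/named.conf" || return 1
    fi
    if [ -f "$root/etc/rndc.key" ] && [ ! -e "$etc/rndc.key" ] \
        && [ ! -L "$etc/rndc.key" ]; then
        ln -s "$root/etc/rndc.key" "$etc/rndc.key" || return 1
    fi
    return 0
}

# check_chroot_layout CHROOT
# Succeed only when CHROOT/etc has a namedb directory, a named.conf that
# resolves to a regular file, and no stray "namedb<name>" entries (the
# symptom of joining the destination directory without a "/").
check_chroot_layout() {
    root=$1
    bad=0
    for f in "$root"/etc/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        case ${f##*/} in
        namedb)  [ -d "$f" ] || bad=$((bad + 1)) ;;
        namedb*) bad=$((bad + 1)) ;;
        esac
    done
    [ -f "$root/etc/namedb/named.conf" ] || bad=$((bad + 1))
    [ -f "$root/etc/named.conf" ] || bad=$((bad + 1))
    [ "$bad" -eq 0 ]
}
```

Running check_chroot_layout after the rc script has done its work is the quick way to catch the class of defect in the first follow-up before named logs "file not found" and exits; a layout check is cheap, and the named.conf symlink inside the chroot has to stay relative, since an absolute target would point outside the chroot once named has done its chroot(2).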
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.