NetBSD Problem Report #30420
From christos@zoulas.com Fri Jun 3 20:19:11 2005
Date: Fri, 3 Jun 2005 16:19:10 -0400 (EDT)
From: christos@netbsd.org
Reply-To: christos@netbsd.org
To: gnats-bugs@netbsd.org
Subject: chrooted named does not work out of the box.
>Number: 30420
>Category: bin
>Synopsis: chrooted named does not work out of the box.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Fri Jun 03 20:20:00 +0000 2005
>Last-Modified: Sat May 09 20:10:01 +0000 2026
>Originator: Christos Zoulas
>Release: NetBSD 3.99.5
>Organization:
What day is it today?
>Environment:
System: NetBSD quasar.astron.com 3.99.5 NetBSD 3.99.5 (QUASAR) #3: Sun May 29 16:47:58 EDT 2005 christos@quasar.astron.com:/usr/src/sys/arch/i386/compile/QUASAR i386
Architecture: i386
Machine: i386
>Description:
It would be nice if adding named=YES named_chrootdir=/var/chroot/named
worked without user intervention. The named script tries, but it
does not complete the job.
>How-To-Repeat:
add named=YES and named_chrootdir=/var/chroot/named in /etc/rc.conf
and start named on a freshly built system. Look in /var/log/messages.
>Fix:
This patch copies the skeleton files and makes a symlink to a
default named.conf (both in the chrooted and non-chrooted case).
This way named works out of the box.
Index: named
===================================================================
RCS file: /cvsroot/src/etc/rc.d/named,v
retrieving revision 1.15
diff -u -u -r1.15 named
--- named 17 Mar 2005 18:44:09 -0000 1.15
+++ named 3 Jun 2005 20:15:28 -0000
@@ -58,6 +58,19 @@
fi
done
+ if [ -d /etc/namedb ]; then
+ (cd /etc/namedb && for i in *; do
+ j=${named_chrootdir}/etc/namedb/$i
+ if [ ! -r $j ]; then
+ cp -rp $i $j
+ fi
+ done)
+ fi
+ if [ \( ! -r ${named_chrootdir}/etc/named.conf \) -a \
+ \( -r ${named_chrootdir}/etc/namedb/named.conf \) ]; then
+ ln -s namedb/named.conf ${named_chrootdir}/etc
+ fi
+
if [ -f /etc/localtime ]; then
cmp -s /etc/localtime "${named_chrootdir}/etc/localtime" || \
cp -p /etc/localtime "${named_chrootdir}/etc/localtime"
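Review bot: in the new copy loop, `$i` and `$j` are expanded unquoted in both `[ ! -r $j ]` and `cp -rp $i $j`, so a skeleton file name containing whitespace would be word-split and mis-copied; quote them as `[ ! -r "$j" ]` and `cp -rp "$i" "$j"`. Two smaller points in the same loop: `! -r` treats an existing but unreadable file as missing and would overwrite it, whereas `! -e` matches the "copy only if absent" intent, and an empty /etc/namedb leaves the `*` glob literal, producing a noisy `cp` failure. The relative `ln -s namedb/named.conf` target is the right choice, since it resolves the same way inside and outside the chroot.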
>Audit-Trail:
From: YOMURA Masanori <m4nb@biff.mail-box.ne.jp>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 23:47:41 +0900
Current chrooted named (rc.d/named revision 1.17) fails file migration.
I tried to invoke named with chrootdir:
rc.conf:
named=YES
named_chrootdir="/var/chroot/named"
but it fails:
# /etc/rc.d/named start
Starting named.
# pgrep named
#
log:
named[1498]: starting BIND 9.3.0 -u named -t /var/chroot/named
named[1498]: found 1 CPU, using 1 worker thread
named[1498]: loading configuration from '/etc/named.conf'
named[1498]: none:0: open: /etc/named.conf: file not found
named[1498]: loading configuration: file not found
named[1498]: exiting (due to fatal error)
because the migration process creates files with bad pathnames
(e.g. namedbnamed.conf, rather than namedb/named.conf)
% ls /var/chroot/named/etc/
localtime namedb127 namedbloopback.v6 namedbroot.cache
namedb/ namedblocalhost namedbnamed.conf
How-to-Fix:
Add '/' after $dst in named_migrate function.
Misc:
After this migration, /etc/security complains...
Checking special files and directories.
etc/namedb:
type (dir, link)
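The chroot population step described in the Fix above, and the path-joining defect reported in this follow-up, as an added POSIX sh example written for this PR (not the NetBSD rc.d/named script itself). It assumes `$src` is the host-side /etc/namedb, `$chroot` is named_chrootdir, and it omits the `chown named:named` because that needs root; every path is quoted and joined with an explicit "/".

```shell
# named_populate_chroot SRC CHROOT: mirror the skeleton into the chroot,
# link named.conf, and make sure the keys directory exists.
named_populate_chroot() {
    src=$1
    chroot=$2
    dst="$chroot/etc/namedb"
    [ -d "$src" ] || return 1
    mkdir -p "$dst" || return 1
    for f in "$src"/*; do
        # an empty source directory leaves the glob literal; skip it
        [ -e "$f" ] || continue
        name=${f##*/}
        # explicit "$dst/$name": a missing "/" is what produced namedbnamed.conf
        # never clobber a file an admin has already edited inside the chroot
        if [ ! -e "$dst/$name" ]; then
            cp -Rp "$f" "$dst/$name" || return 1
        fi
    done
    # relative link target so it resolves both inside and outside the chroot
    if [ ! -e "$chroot/etc/named.conf" ] && [ -f "$dst/named.conf" ]; then
        ln -s namedb/named.conf "$chroot/etc/named.conf" || return 1
    fi
    # managed-keys-directory must exist before named starts (chown omitted here)
    [ -d "$dst/keys" ] || mkdir -m 775 "$dst/keys" || return 1
    return 0
}
```

Running it twice is safe: the second pass leaves edited files in the chroot untouched.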
From: List Mail User <track@Plectere.com>
To: gnats-bugs@NetBSD.org
Cc: track@Plectere.com
Subject: Re: bin/30420
Date: Wed, 31 Aug 2005 09:44:01 -0700 (PDT)
Is the entire "migration" process any improvement over using
symlinks in /etc? Using symlinks allows editing the historic paths
and then a "traditional" "kill -s HUP" on the daemons to work. This method
applies to this PR and generally to all "chroot"'d daemons. It also
has the benefit of saving filesystem space (assuming the symlinks are
smaller than the files themselves), particularly for embedded systems,
and avoiding writes when using non-disk media (e.g. CF cards, etc.).
Examples:
% ls -ls /etc/named* /etc/rndc.key /etc/ntp.conf
0 lrwxr-xr-x 1 root wheel 17 Jan 31 2005 /etc/named.conf -> namedb/named.conf
0 lrwxr-xr-x 1 root wheel 28 Jan 26 2002 /etc/namedb -> /var/chroot/named/etc/namedb
0 lrwxr-xr-x 1 root wheel 29 Aug 31 09:42 /etc/ntp.conf -> /var/chroot/ntpd/etc/ntp.conf
0 lrwxr-xr-x 1 root wheel 30 Jun 24 2004 /etc/rndc.key -> /var/chroot/named/etc/rndc.key
Paul Shupak
track@plectere.com
From: "Jeremy C. Reed" <reed@reedmedia.net>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: Re: bin/30420: chrooted named does not work out of the box.
Date: Fri, 8 May 2026 22:41:03 +0000 (UTC)
It appears the changes proposed in this ticket were applied, and
since then further improvements were made to handle copying the files for
the chroot environment.
But a new problem:
May 8 22:34:20 t1 named[27559]: invalid managed-keys-directory keys:
file not found
If named_chrootdir is defined on the first run of the rc.d script, then there is no
keys directory.
This solved it for me:
+ if [ ! -d "/etc/namedb/keys" ]; then
+ mkdir -m 775 "/etc/namedb/keys"
+ chown named:named "/etc/namedb/keys"
+ fi
+
if [ -z "$named_chrootdir" ]; then
- if [ ! -d "/etc/namedb/keys" ]; then
- mkdir -m 775 "/etc/namedb/keys"
- chown named:named "/etc/namedb/keys"
- fi
return 0;
fi
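Review bot: hoisting the `mkdir -m 775 "/etc/namedb/keys"` above the `named_chrootdir` test only creates the directory on the host side, while the log line being fixed ("invalid managed-keys-directory keys: file not found") comes from a named running with named_chrootdir set, i.e. it looks for the directory under ${named_chrootdir}/etc/namedb. The fix therefore depends on the later chroot-copying step, which this hunk does not show, mirroring /etc/namedb/keys into the chroot on every start; either confirm that in the commit message or also create "${named_chrootdir}/etc/namedb/keys" (with the same mode and ownership) in the chroot branch. Minor style point on the surrounding context: `return 0;` carries a stray semicolon.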
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/30420 CVS commit: src/etc/rc.d
Date: Sat, 9 May 2026 16:07:10 -0400
Module Name: src
Committed By: christos
Date: Sat May 9 20:07:10 UTC 2026
Modified Files:
src/etc/rc.d: named
Log Message:
PR/30420: Jeremy C. Reed: Always check and create the keys directory if
it does not exist.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/etc/rc.d/named
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Copyright © 1994-2026
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.