SCIENTIFIC-LINUX-DEVEL Archives

December 2015

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
bind-9.9.4-29.el7_2.1.x86_64 & chroots.
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Wed, 23 Dec 2015 13:27:49 +1100
Content-Type:
text/plain
Parts/Attachments:
text/plain (28 lines) 
Hi all,

Just updated to the latest sl-security-rolling and noticed that the 
named systemd stuff failed on the chroot setup.

The faulty systemd unit seems to be: 
/usr/lib/systemd/system/named-chroot.service

It does a sanity check - but doesn't make it relative to the chroot:
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; 
then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking 
of zone files is disabled"; fi'

If you add the chroot directive in there (which it probably should have 
anyway), then all works:
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; 
then /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf; 
else echo "Checking of zone files is disabled"; fi'

Can anyone verify this - and if needed upstream this bug?

-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

ATOM RSS1 RSS2