SCIENTIFIC-LINUX-DEVEL Archives

December 2015

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: bind-9.9.4-29.el7_2.1.x86_64 & chroots.
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Wed, 30 Dec 2015 14:42:41 +1100
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (1301 bytes) , signature.asc (834 bytes) 
Just to follow up on this, it seems that CentOS has the same problem.

The change commit that broke this is:
https://git.centos.org/blobdiff/!rpms!bind.git/d56ed2d3a2736a07a09c268f3b2607cca8f1b6ca/SOURCES!named-chroot.service

Have lodged this in RH bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1294731

--
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

On 23/12/2015 1:27 PM, Steven Haigh wrote:
> Hi all,
> 
> Just updated to the latest sl-security-rolling and noticed that the
> named systemd stuff failed on the chroot setup.
> 
> The faulty systemd unit seems to be:
> /usr/lib/systemd/system/named-chroot.service
> 
> It does a sanity check - but doesn't make it relative to the chroot:
> ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ];
> then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking
> of zone files is disabled"; fi'
> 
> If you add the chroot directive in there (which it probably should have
> anyway), then all works:
> ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ];
> then /usr/sbin/named-checkconf -z -t /var/named/chroot /etc/named.conf;
> else echo "Checking of zone files is disabled"; fi'
> 
> Can anyone verify this - and if needed upstream this bug?
>

ATOM RSS1 RSS2