Bug 165017
Summary: | Chrooted bind's init script doesn't properly mount/unmount proc
---|---
Product: | [Fedora] Fedora
Component: | bind
Version: | 4
Hardware: | All
OS: | Linux
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | medium
Reporter: | Chris Evich <cevich>
Assignee: | Martin Stransky <stransky>
QA Contact: | Ben Levenson <benl>
CC: | sundaram
Fixed In Version: | FC5
Doc Type: | Bug Fix
Last Closed: | 2006-09-22 02:14:13 UTC

Description
Chris Evich
2005-08-03 15:55:21 UTC
Created attachment 117412
fix for problem but may not be complete solution in all situations.
The workaround is of course NOT to append a trailing '/' onto the $ROOTDIR setting in /etc/sysconfig/named, or to mount the procfs on /var/named/chroot/proc in /etc/fstab.

The more general fix would be this line in /etc/init.d/named, @line 29:

    [ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`

This would deal with any sequence of '/'s in $ROOTDIR:

    $ ROOTDIR=///////var///named/////////////////chroot//////////////
    $ [ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`
    $ echo $ROOTDIR
    /var/named/chroot

This change will go into the next BIND version.

Note that use of the bind-chroot environment is made redundant by use of SELinux in Enforcing mode; you gain no security by using bind-chroot with SELinux Enforcing, and can safely do 'rpm -e bind-chroot'.

Agreed, though for a name server running on cheap "non-beefy" hardware, the performance impact of SELinux is a factor. Since I am one to run a name server on they-don't-make-it-like-they-used-to-hardware, chroot is a nice alternative :)

The performance impact for SELinux using targeted policy should be pretty negligible. You probably need to try that.

Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists in a current Fedora release (such as Fedora Core 5 or later), please reopen and set the version appropriately.
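
The normalization proposed in the thread above, as an added example that is not part of the original report or of the bind init script. It assumes the script decides whether to mount or unmount by looking for "$ROOTDIR/proc" in a mount table such as /proc/mounts; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device, mount point, type, ...).
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw 0 0
proc /proc proc rw 0 0
proc /var/named/chroot/proc proc rw 0 0'

# Hypothetical helper: collapse runs of "/" and drop one trailing "/" using
# the sed expression from the thread. Quoting "$1" keeps paths containing
# spaces in one piece. A bare "/" normalizes to the empty string, so
# "$ROOTDIR/proc" then resolves to plain "/proc".
normalize_rootdir() {
    [ -n "$1" ] || return 0
    printf '%s\n' "$1" | sed 's#//*#/#g;s#/$##'
}

# Hypothetical helper: succeed only if the mounts table on stdin has an
# entry whose mount point (field 2) is exactly the given path.
is_mount_point() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }'
}

# Does the sample table show procfs mounted under this chroot directory?
chroot_proc_mounted() {
    printf '%s\n' "$SAMPLE_MOUNTS" | is_mount_point "$1/proc"
}

# The kernel reports canonical paths, so a ROOTDIR with redundant slashes
# never matches its own mount entry until it has been normalized.
for raw in /var/named/chroot /var/named/chroot/ ///var//named///chroot//; do
    fixed=$(normalize_rootdir "$raw")
    if chroot_proc_mounted "$raw"; then before=found; else before=missed; fi
    if chroot_proc_mounted "$fixed"; then after=found; else after=missed; fi
    printf '%-26s raw=%s normalized=%s\n' "$raw" "$before" "$after"
done
```

A lookup that misses an existing mount is what leads a script to mount procfs a second time on start or leave it mounted on stop, which matches the symptom in the summary.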