Bug 732312

Summary: named-checkconf: wrong-path resolution in chroot
Product: [Fedora] Fedora
Reporter: Harald Reindl <h.reindl>
Component: bind
Assignee: Adam Tkac <atkac>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 14
CC: atkac, ovasik
Doc Type: Bug Fix
Last Closed: 2011-09-14 12:14:35 UTC

Description Harald Reindl 2011-08-21 22:40:14 UTC
Running bind-chroot, the config check does not recognize that directory "/var/named"; starts physically under /var/named/chroot/, and so include "zones-home-ptr/config.dns"; is correct, because if you use the real fs path, bind would not start.

____________________________

[root@ns2:~]$ named-checkconf 
/etc/named.conf:174: open: zones-home-ptr/config.dns: file not found

[root@ns2:~]$ locate config.dns
/var/named/chroot/var/named/zones-home-ptr/config.dns

Comment 1 Adam Tkac 2011-09-14 12:14:35 UTC
You have to pass the "-t <rootdir>" argument to named-checkconf:

`man 8 named-checkconf` says:
...
-t directory
    Chroot to directory so that include directives in the configuration file are processed as if run by a similarly chrooted named.
...

After that everything should work as expected. Closing.

Comment 2 Harald Reindl 2011-09-14 12:26:16 UTC
but the chroot is the default and rkhunter is checking this also (both fedora packages)

Comment 3 Adam Tkac 2011-09-14 12:47:04 UTC
(In reply to comment #2)
> but the chroot is the default and rkhunter is checking this also (both fedora
> packages)

Right you are. However, I cannot change the default behaviour of named-checkconf because it would be too big a divergence from upstream.

Another possible solution is to re-add the "checkconfig" target to the initscript in F14 (it is already present in the F15 initscript). The initscript can automatically add the -t option to named-checkconf so everything is OK.

If you want the "checkconfig" target in F14, please reopen this bug and I will add it.

Comment 4 Harald Reindl 2011-09-14 12:51:16 UTC
I think this would make sense because it is odd that rkhunter warns about an inconsistent named configuration.
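
Added example, not part of the original bug comments and not Fedora's initscript: a shell wrapper that decides whether named-checkconf needs `-t`, as comments 1 and 3 describe, and shows where a relative include physically resolves under the chroot. It assumes the chroot path is recorded as a `ROOTDIR=` line in a sysconfig-style file; the function names are hypothetical.

```shell
#!/bin/sh
# Read the chroot path from a sysconfig-style file without sourcing it,
# so a malformed file cannot execute code in the checker's shell.
named_rootdir() {
    [ -r "$1" ] || return 0
    root=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ROOTDIR=*) root=${line#ROOTDIR=} ;; esac
    done < "$1"
    root=$(printf '%s' "$root" | tr -d "\"'")   # drop surrounding quotes
    printf '%s\n' "${root%/}"                   # drop one trailing slash
}

# Print the named-checkconf command line matching how named itself runs.
# $1 = sysconfig file, $2 = config path as seen from inside the chroot.
checkconf_cmd() {
    root=$(named_rootdir "$1")
    conf=${2:-/etc/named.conf}
    if [ -n "$root" ] && [ -d "$root" ]; then
        printf 'named-checkconf -t %s %s\n' "$root" "$conf"
    else
        printf 'named-checkconf %s\n' "$conf"
    fi
}

# Physical path of an include as a chrooted named opens it.
# $1 = chroot ("" if none), $2 = options { directory }, $3 = include argument
physical_include() {
    case $3 in
        /*) printf '%s\n' "$1$3" ;;
        *)  printf '%s\n' "$1$2/$3" ;;
    esac
}

# Constructed demo: a temporary sysconfig file pointing at a temporary chroot.
demo=$(mktemp -d)
mkdir -p "$demo/chroot"
printf 'ROOTDIR="%s/chroot"\n' "$demo" > "$demo/sysconfig-named"
checkconf_cmd "$demo/sysconfig-named"
# The include from the report, resolved under the reported chroot:
physical_include /var/named/chroot /var/named zones-home-ptr/config.dns
rm -rf "$demo"
```

The second line of output matches the path `locate` reported in the description, which is why the check only succeeds when named-checkconf is given the same root as named.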