Bug 165017 - Chrooted bind's init script doesn't properly mount/unmount proc
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: bind
Version: 4
Hardware/OS: All / Linux
Priority/Severity: medium / medium
Assigned To: Martin Stransky
QA Contact: Ben Levenson
Reported: 2005-08-03 11:55 EDT by Chris Evich
Modified: 2007-11-30 17:11 EST

Fixed In Version: FC5
Doc Type: Bug Fix
Last Closed: 2006-09-21 22:14:13 EDT

Attachments
fix for problem but may not be complete solution in all situations. (523 bytes, patch)
2005-08-03 11:55 EDT, Chris Evich
Description Chris Evich 2005-08-03 11:55:21 EDT
Description of problem:
The script uses "grep" logic to determine if its chrooted proc is mounted.
However, the check is performed with a variably named root directory.  If the
root dir string ends in a "/" then the search term to grep is incorrect and proc
isn't properly mounted/unmounted.

Steps to Reproduce:
1. Start the named service
2. Stop the named service (proc is not unmounted).
3. Start the named service (get error message about proc already being mounted)

Comment 1 Chris Evich 2005-08-03 11:55:21 EDT
Created attachment 117412 [details]
fix for problem but may not be complete solution in all situations.
Comment 2 Jason Vas Dias 2005-08-03 12:57:57 EDT
The workaround is of course NOT to append a trailing '/' onto the
$ROOTDIR setting in /etc/sysconfig/named, or to mount the procfs
on /var/named/chroot/proc in /etc/fstab.

The more general fix would be this line in /etc/init.d/named, @line 29:
'
[ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`
'

This would deal with any sequence of '/'s in $ROOTDIR:
$ ROOTDIR=///////var///named/////////////////chroot//////////////
$ [ -n "$ROOTDIR" ] && ROOTDIR=`echo $ROOTDIR | sed 's#//*#/#g;s#/$##'`
$ echo $ROOTDIR
/var/named/chroot

This change will go into the next BIND version.

Note that use of the bind-chroot environment is made redundant by use
of SELinux in Enforcing mode; you gain no security by using bind-chroot
with SELinux Enforcing, and can safely do 'rpm -e bind-chroot'.
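What the description and comment 2 describe, as an added example that is not the init script shipped in the bind package and not code posted in this bug: a constructed stand-in for /proc/mounts, the substring-style check that stops matching once $ROOTDIR carries a trailing '/', the normalization from comment 2, and a check that compares the whole mount-point field instead of grepping for a substring. The function names, the mount-table lines and the exact grep pattern the original script used are assumptions.

```shell
# Added example; not from the Fedora bind init script or this bug report.
# Shows why "grep for $ROOTDIR/proc" breaks when ROOTDIR ends in '/',
# and a normalized, field-exact check that does not.

# Constructed stand-in for /proc/mounts (one mounted filesystem per line).
MOUNTS='rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw 0 0
none /proc proc rw 0 0
none /var/named/chroot/proc proc rw 0 0'

# Naive check (assumed shape of the original): substring match on "$1/proc".
# With ROOTDIR=/var/named/chroot/ the pattern becomes
# "/var/named/chroot//proc", a string the kernel never writes, so the check
# reports "not mounted" even though it is: start mounts again, stop never
# unmounts, exactly the symptom in the description.
naive_proc_mounted() {
    printf '%s\n' "$MOUNTS" | grep -q "$1/proc"
}

# Normalization from comment 2: collapse runs of '/' and drop a trailing '/'.
# Always exits 0 so callers can use it in an assignment under 'set -e'.
normalize_rootdir() {
    printf '%s\n' "$1" | sed 's#//*#/#g;s#/$##'
}

# Hardened check: normalize first, then compare the mount-point field
# (field 2 of /proc/mounts) exactly, so "/var/named/chroot/proc2" or a
# path that merely contains the string cannot produce a false positive.
# An empty ROOTDIR means "not chrooted": there is no proc of ours to find.
proc_mounted() {
    dir=$(normalize_rootdir "$1")
    [ -n "$dir" ] || return 1
    printf '%s\n' "$MOUNTS" |
        awk -v mp="$dir/proc" '$2 == mp { found = 1 } END { exit !found }'
}

# What the start path of an init script would do with the check; echoes the
# mount command instead of running it so the example is safe to execute.
start_proc() {
    dir=$(normalize_rootdir "$1")
    if proc_mounted "$dir"; then
        echo "proc already mounted under $dir; skipping"
    else
        echo "mount -t proc none $dir/proc"
    fi
}
```

Run it with ROOTDIR=/var/named/chroot/ and the naive function fails while proc_mounted succeeds; with a value such as ///var///named/////chroot////// the sed expression from comment 2 reduces it to /var/named/chroot before the comparison. Matching on the mount-point field rather than a substring is the part comment 2 does not mention, and it is what keeps a sibling mount point with a longer name from being mistaken for ours.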
Comment 3 Chris Evich 2005-08-29 13:25:38 EDT
Agreed, though for a name server running on cheap "non-beefy" hardware, the
performance impact of SELinux is a factor.  

Since I am one to run a name server on
they-don't-make-it-like-they-used-to hardware, chroot is a nice alternative :)
Comment 4 Rahul Sundaram 2005-09-05 01:59:41 EDT
The performance impact for SELinux using targeted policy should be pretty
negligible. You probably need to try that.
Comment 5 Bill Nottingham 2006-09-21 22:14:13 EDT
Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists
in a current Fedora release (such as Fedora Core 5 or later), please reopen and
set the version appropriately.
