Bug 851123 - chroot messed during service named configtest
Summary: chroot messed during service named configtest
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
Version: 6.3
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Tomáš Hozza
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2012-08-23 10:08 UTC by albert
Modified: 2018-12-06 14:48 UTC (History)

Fixed In Version: bind-9.8.2-0.26.rc1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Previously, the initscript command configtest did not check whether bind was already running, but rather blindly mounted/unmounted the filesystem into the chroot.
Consequence: As a result, the named chroot root was damaged by executing the initscript command configtest while named was running in a chroot.
Fix: The initscript was fixed not to mount/unmount the chroot filesystem on execution of the configtest command if named is running in a chroot.
Result: As a result, the chroot filesystem is not damaged.
Clone Of:
Environment:
Last Closed: 2014-10-14 04:34:28 UTC
Target Upstream Version:
Embargoed:


Attachments
Don't mount/umount files/dirs if named is running (1.03 KB, patch)
2013-04-05 10:19 UTC, Tomáš Hozza
atkac: review+


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1373 0 normal SHIPPED_LIVE bind bug fix and enhancement update 2014-10-14 01:11:10 UTC

Description albert 2012-08-23 10:08:38 UTC
Description of problem:

service named configtest tries to umount the chroot provided by bind-chroot, leaving a mess behind if named is up and running. Some files are umounted and some others not because they are in use.
For example, /var/named/chroot/etc becomes almost empty after configtest.

Version-Release number of selected component (if applicable):

bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64
bind-9.8.2-0.10.rc1.el6_3.2.x86_64

How reproducible:

always

Steps to Reproduce:
1. Configure bind, bind-chroot and keep running
2. service named configtest
  
Actual results:

Almost all files in chroot are gone

Expected results:

chroot should not be touched over a configtest operation

Additional info:

Comment 2 Adam Tkac 2012-09-05 11:41:17 UTC
Right you are, thanks for the report. We can extend initscript a little to avoid this issue.

Comment 4 Tomáš Hozza 2013-04-05 10:19:31 UTC
Created attachment 731878
Don't mount/umount files/dirs if named is running

Comment 6 RHEL Program Management 2013-10-14 00:30:32 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 10 Florencia Fotorello 2014-07-16 13:49:28 UTC
Just for reference.

==========================
REPRODUCTION STEPS
==========================
- Install RHEL6 with bind-9.8.2-0.23.rc1.el6_5.1.x86_64:

--------------
[root@bind ~]# rpm -qa bind
bind-9.8.2-0.23.rc1.el6_5.1.x86_64
--------------

- Configure bind in chroot.

-------------------
===>>> /etc/sysconfig/named
ROOTDIR=/var/named/chroot

[root@bind ~]# yum install bind-chroot
[root@bind ~]# service named start
[root@bind ~]# mount 
[...]
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)
-------------------

- Edit /etc/named.conf to make a change.

-------------------
[root@bind ~]# vi /etc/named.conf 
-------------------

- Run "service named configtest".

-------------------
[root@bind ~]# service named configtest
zone example.lab/IN: loaded serial 2014061115
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
umount: /var/named/chroot/var/named: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
-------------------

- Subsequent "rndc reload" commands fail:

--------------------------
[root@bind ~]# rndc reload
rndc: 'reload' failed: file not found

[root@bind ~]# mount
[...]
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
--------------------------
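
The two `mount` listings in Comment 10 can be compared mechanically to see which bind mounts a configtest run removed from a live chroot. The following is an added example, not part of the bug report or the bind initscript; the function and variable names are hypothetical, and the sample data is constructed from the listings quoted above.

```shell
#!/bin/sh
# Added example, not the initscript's code. Names are hypothetical.

# Paths bind-mounted into the chroot, per the first `mount` listing above.
EXPECTED_PATHS="/etc/named /var/named /etc/named.conf
/etc/named.rfc1912.zones /etc/rndc.key /usr/lib64/bind
/etc/named.iscdlv.key /etc/named.root.key"

# missing_chroot_mounts ROOTDIR < mount-output
# Prints each expected path that has no "PATH on ROOTDIR/PATH" entry.
missing_chroot_mounts() {
    rootdir=${1%/}
    # Sources of bind mounts whose target is exactly ROOTDIR + source.
    mounted=$(awk -v root="$rootdir" \
        '$2 == "on" && $3 == (root $1) { print $1 }')
    for p in $EXPECTED_PATHS; do
        printf '%s\n' "$mounted" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample: mount table while named runs normally in the chroot.
sample_before() {
    cat <<'EOF'
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)
EOF
}

# Constructed sample: what remained after "service named configtest".
sample_after() {
    cat <<'EOF'
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
EOF
}

echo "Missing before configtest:"
sample_before | missing_chroot_mounts /var/named/chroot
echo "Missing after configtest:"
sample_after | missing_chroot_mounts /var/named/chroot
```

On a RHEL 6 host, `mount | missing_chroot_mounts /var/named/chroot` runs the same check against the real mount table; any output while named is running means the chroot no longer matches what the daemon was started with.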

Comment 13 errata-xmlrpc 2014-10-14 04:34:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1373.html

