Bug 851123 - chroot messed during service named configtest
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: bind
Version: 6.3
Hardware: All Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Tomáš Hozza
QA Contact: qe-baseos-daemons
Keywords: Patch
 
Reported: 2012-08-23 06:08 EDT by albert
Modified: 2014-10-14 00:34 EDT (History)
Fixed In Version: bind-9.8.2-0.26.rc1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Previously, the initscript configtest command did not check whether bind was already running, but blindly mounted/unmounted the filesystem into the chroot.
Consequence: The named chroot was damaged when the initscript configtest command was executed while named was running in a chroot.
Fix: The initscript no longer mounts/unmounts the chroot filesystem on execution of the configtest command if named is running in a chroot.
Result: The chroot filesystem is not damaged.
Last Closed: 2014-10-14 00:34:28 EDT
Type: Bug

Attachments
Don't mount/umount files/dirs if named is running (1.03 KB, patch)
2013-04-05 06:19 EDT, Tomáš Hozza
atkac: review+


External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2014:1373 | normal | SHIPPED_LIVE | bind bug fix and enhancement update | 2014-10-13 21:11:10 EDT

Description albert 2012-08-23 06:08:38 EDT
Description of problem:

service named configtest tries to umount the chroot provided by bind-chroot, leaving a mess behind if named is up and running. Some files are umounted and some others not because they are in use.
For example, /var/named/chroot/etc becomes almost empty after configtest.

Version-Release number of selected component (if applicable):

bind-chroot-9.8.2-0.10.rc1.el6_3.2.x86_64
bind-libs-9.8.2-0.10.rc1.el6_3.2.x86_64
bind-9.8.2-0.10.rc1.el6_3.2.x86_64

How reproducible:

always

Steps to Reproduce:
1. Configure bind, bind-chroot and keep running
2. service named configtest
  
Actual results:

Almost all files in chroot are gone

Expected results:

chroot should not be touched over a configtest operation

Additional info:
Comment 2 Adam Tkac 2012-09-05 07:41:17 EDT
Right you are, thanks for the report. We can extend initscript a little to avoid this issue.
Comment 4 Tomáš Hozza 2013-04-05 06:19:31 EDT
Created attachment 731878
Don't mount/umount files/dirs if named is running
Comment 6 RHEL Product and Program Management 2013-10-13 20:30:32 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 10 Florencia Fotorello 2014-07-16 09:49:28 EDT
Just for reference.

==========================
REPRODUCTION STEPS
==========================
- Install RHEL6 with bind-9.8.2-0.23.rc1.el6_5.1.x86_64:

--------------
[root@bind ~]# rpm -qa bind
bind-9.8.2-0.23.rc1.el6_5.1.x86_64
--------------

- Configure bind in chroot.

-------------------
===>>> /etc/sysconfig/named
ROOTDIR=/var/named/chroot

[root@bind ~]# yum install bind-chroot
[root@bind ~]# service named start
[root@bind ~]# mount 
[...]
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
/etc/named.root.key on /var/named/chroot/etc/named.root.key type none (rw,bind)
-------------------

- Edit /etc/named.conf to make a change.

-------------------
[root@bind ~]# vi /etc/named.conf 
-------------------

- Run "service named configtest".

-------------------
[root@bind ~]# service named configtest
zone example.lab/IN: loaded serial 2014061115
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
umount: /var/named/chroot/var/named: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
-------------------

- Subsequent "rndc reload" commands fail:

--------------------------
[root@bind ~]# rndc reload
rndc: 'reload' failed: file not found

[root@bind ~]# mount
[...]
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
--------------------------
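
A check for the damage shown in comment 10, as an added example that is not part of the bug report or of the bind package: it reads `mount` output and lists the chroot bind mounts that are missing. The function names are hypothetical; ROOTDIR, the expected mount list and the sample listing are copied from the listings in comment 10.

```shell
#!/bin/sh
# Added example (not from the bug report or the bind package).
# ROOTDIR and the expected bind-mount sources are copied from the
# "service named start" listing in comment 10; adjust for other hosts.
ROOTDIR=/var/named/chroot
EXPECTED="/etc/named /var/named /etc/named.conf /etc/named.rfc1912.zones \
/etc/rndc.key /usr/lib64/bind /etc/named.iscdlv.key /etc/named.root.key"

# Read `mount` output on stdin and print every expected source that is not
# bind-mounted at $ROOTDIR<source>. Prints nothing if the chroot is intact.
missing_chroot_mounts() {
    awk -v root="$ROOTDIR" -v want="$EXPECTED" '
        # Lines look like: <source> on <mountpoint> type none (rw,bind)
        $2 == "on" { seen[$1 " " $3] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!((w[i] " " root w[i]) in seen))
                    print w[i]
        }'
}

# Exit status 0 if no expected bind mount is missing, non-zero otherwise.
chroot_intact() {
    [ -z "$(missing_chroot_mounts)" ]
}

# Sample input: the `mount` listing from comment 10 taken after
# "service named configtest" was run while named was up.
sample_after_configtest() {
    cat <<'EOF'
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
EOF
}

echo "bind mounts missing after configtest:"
sample_after_configtest | missing_chroot_mounts
```

On a live system, `mount | missing_chroot_mounts` prints nothing when the chroot is intact, which makes it usable as a post-configtest or monitoring check.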
Comment 13 errata-xmlrpc 2014-10-14 00:34:28 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1373.html
