Description of problem:
Running service named-chroot start fails (also from boot), but running /usr/sbin/named -u named -t /var/named/chroot by hand succeeds (not SELinux related, as disabling it does nothing) after the relevant mounts are done by unit file.

Version-Release number of selected component (if applicable):
bind-9.9.3-3.P1.fc19.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Enable named-chroot.
2. Boot (or start service by hand).

Actual results:
Fails to start (also no PID file).

Expected results:
Worked fine in F-18.

Additional info:
PID file also correctly created when run by hand.

Strace of "service named-chroot start" gives at the very end (not sure if relevant):
--------------------
[pid 2611] open("/proc/self/stat", O_RDONLY|O_CLOEXEC) = 3
[pid 2611] fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid 2611] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f765cd1e000
[pid 2611] read(3, "2611 (systemd-tty-ask) R 2605 26"..., 1024) = 350
[pid 2611] close(3) = 0
[pid 2611] munmap(0x7f765cd1e000, 4096) = 0
[pid 2611] stat("/run/systemd/ask-password-block", {st_mode=S_IFDIR|0700, st_size=100, ...}) = 0
[pid 2611] mknod("/run/systemd/ask-password-block/136:0", S_IFIFO|0600) = -1 EEXIST (File exists)
[pid 2611] open("/run/systemd/ask-password-block/136:0", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC) = 3
[pid 2611] stat("/run/systemd", {st_mode=S_IFDIR|0755, st_size=300, ...}) = 0
[pid 2611] futex(0x7f765cafd5cc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
[pid 2611] gettid() = 2611
[pid 2611] open("/proc/self/task/2611/attr/current", O_RDONLY|O_CLOEXEC) = 4
[pid 2611] read(4, "unconfined_u:system_r:unconfined"..., 4095) = 50
[pid 2611] close(4) = 0
[pid 2611] mkdir("/run/systemd/ask-password", 0755) = -1 EEXIST (File exists)
[pid 2611] stat("/run/systemd/ask-password", {st_mode=S_IFDIR|0755, st_size=40, ...}) = 0
[pid 2611] inotify_init1(IN_CLOEXEC) = 4
[pid 2611] inotify_add_watch(4, "/run/systemd/ask-password", IN_CLOSE_WRITE|IN_MOVED_TO) = 1
[pid 2611] rt_sigprocmask(SIG_SETMASK, [INT TERM], NULL, 8) = 0
[pid 2611] signalfd4(-1, [INT TERM], 8, O_NONBLOCK|O_CLOEXEC) = 5
[pid 2611] openat(AT_FDCWD, "/run/systemd/ask-password", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6
[pid 2611] getdents(6, /* 2 entries */, 32768) = 48
[pid 2611] getdents(6, /* 0 entries */, 32768) = 0
[pid 2611] close(6) = 0
[pid 2611] poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}], 2, 4294967295 <unfinished ...>
[pid 2605] <... poll resumed> ) = 1 ([{fd=3, revents=POLLIN}])
[pid 2605] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1S\0\0\0\5\0\0\0\223\0\0\0\1\1o\0\31\0\0\0/org/fre"..., 2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 251
[pid 2605] recvmsg(3, 0x7fffbfc21e10, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
[pid 2605] writev(2, [{"Job for named-chroot.service fai"..., 114}, {"\n", 1}], 2Job for named-chroot.service failed. See 'systemctl status named-chroot.service' and 'journalctl -xn' for details.
) = 115
--------------------
No idea what all of this means...
One additional comment: the named process actually does come up for a while and DNS entries are resolved just fine. However, it appears to be later shot down by systemd, which does not seem to believe that the process is up.
Sidenote: /usr/libexec/setup-named-chroot.sh also seems to be doing the wrong thing. It will create multiple bind mounts if run repeatedly.
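The sidenote above describes a setup script that stacks a fresh bind mount on top of the previous one every time it runs. The guard a practitioner would want is to consult the kernel's mount table before mounting. The following is an added example written for this page, not code from the bug report or from bind's setup-named-chroot.sh; it reads /proc/self/mountinfo, whose fifth whitespace-separated field is the mount point (proc(5)), and only mounts when the target is not already a mount point. The mountinfo content and the chroot paths in the demo are constructed for the example.

```shell
#!/bin/sh
# Added example: an idempotent bind-mount helper (not from the bug or from
# setup-named-chroot.sh). Mount points in /proc/self/mountinfo have spaces
# encoded as \040, so targets containing spaces are not handled here.

# is_mounted TARGET [MOUNTINFO]
# Exit 0 if TARGET appears as a mount point in MOUNTINFO (default: the live
# /proc/self/mountinfo), 1 otherwise. Field 5 of mountinfo is the mount point.
is_mounted() {
    target=$1
    mountinfo=${2:-/proc/self/mountinfo}
    awk -v t="$target" '$5 == t { found = 1 } END { exit (found ? 0 : 1) }' "$mountinfo"
}

# bind_mount_once SRC TARGET [MOUNTINFO]
# Bind-mount SRC on TARGET unless TARGET is already a mount point, so that a
# second run of a setup script is a visible no-op instead of a stacked mount.
bind_mount_once() {
    src=$1
    target=$2
    mountinfo=${3:-/proc/self/mountinfo}
    if is_mounted "$target" "$mountinfo"; then
        echo "skip: $target is already a mount point"
        return 0
    fi
    echo "mount --bind $src $target"
    mount --bind "$src" "$target"
}

# Constructed sample of /proc/self/mountinfo for a dry run: the mount IDs and
# devices are made up, the layout follows proc(5). One chroot bind mount is
# already present, the other is not.
sample_mountinfo() {
    cat <<'EOF'
23 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
44 23 0:21 / /run rw,nosuid,nodev - tmpfs tmpfs rw,mode=755
87 23 8:1 /etc/named.conf /var/named/chroot/etc/named.conf rw,relatime - ext4 /dev/sda1 rw
EOF
}

demo() {
    tmp=$(mktemp)
    sample_mountinfo > "$tmp"
    # Already mounted: a repeated run must not stack another mount.
    bind_mount_once /etc/named.conf /var/named/chroot/etc/named.conf "$tmp"
    # Not yet mounted: a real run would call mount here (needs root), so only report.
    is_mounted /var/named/chroot/var/named "$tmp" ||
        echo "/var/named/chroot/var/named is not mounted yet"
    rm -f "$tmp"
}
demo
```

In a real setup script, replace the sample file argument with nothing so the live /proc/self/mountinfo is consulted, and run the check again after mounting to catch a mount that silently failed.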
(In reply to Bojan Smojver from comment #0)
> Fails to start (also no PID file).

Sorry, that last bit is a lie. There is a PID file and it matches the PID of the started named process.
ARGH! PID file moved to a new location, so the config from F-18 won't work any more (i.e. pid-file has to be specified in options). I guess this should go in release notes or common bugs.
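The root cause identified above is a disagreement between where named writes its PID file and where systemd looks for it: a Type=forking unit with PIDFile= waits for that exact path, and when it never appears systemd reports the start as failed and stops the service even though named is already answering queries. The check below is an added example written for this page, not code from the bug report or from Fedora's bind packaging. It assumes the unit has a PIDFile= line, that the directory holding the pid file inside the chroot is one of the bind mounts the unit sets up (so the path named writes and the path systemd checks coincide), and it uses /run/named/named.pid as a stand-in for the new location, which the bug does not name. The named.conf and unit file contents are constructed samples.

```shell
#!/bin/sh
# Added example (not from the bug or from the bind package): verify that the
# pid-file in named.conf's options block matches PIDFile= in the systemd unit.
# Assumptions: Type=forking unit with PIDFile=; the pid-file directory inside
# the chroot is bind-mounted from the host path systemd checks; the path
# /run/named/named.pid below is a stand-in for the new default.

# config_pid_file CONF : print the pid-file value from named.conf, or nothing.
# Comments are stripped first; the value is the text between the double quotes.
config_pid_file() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" |
        awk -F'"' '/^[[:space:]]*pid-file[[:space:]]*"/ { print $2; exit }'
}

# unit_pid_file UNIT : print the PIDFile= value from a systemd unit, or nothing.
unit_pid_file() {
    awk -F= '/^PIDFile=/ { print $2; exit }' "$1"
}

# check_pid_files CONF UNIT : exit 0 when named and systemd agree, 1 otherwise,
# printing the reason and the fix.
check_pid_files() {
    conf_pid=$(config_pid_file "$1")
    unit_pid=$(unit_pid_file "$2")
    if [ -z "$unit_pid" ]; then
        echo "ok: unit has no PIDFile=, systemd will not wait for one"
        return 0
    fi
    if [ -z "$conf_pid" ]; then
        echo "cannot verify: named.conf sets no pid-file, named uses its compiled-in default"
        echo "fix: set 'pid-file \"$unit_pid\";' in the options block so the path is explicit"
        return 1
    fi
    if [ "$conf_pid" = "$unit_pid" ]; then
        echo "ok: named writes $conf_pid and systemd waits on the same path"
        return 0
    fi
    echo "mismatch: named.conf pid-file \"$conf_pid\" but unit PIDFile=$unit_pid"
    echo "fix: set 'pid-file \"$unit_pid\";' in the options block, or align PIDFile="
    return 1
}

# Constructed samples: a named.conf carrying the older pid-file path, and a
# unit whose PIDFile= already points at the new location.
old_named_conf() {
    cat <<'EOF'
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";   // older location, kept from F-18
    listen-on port 53 { 127.0.0.1; };
};
EOF
}
unit_file() {
    cat <<'EOF'
[Service]
Type=forking
PIDFile=/run/named/named.pid
ExecStart=/usr/sbin/named -u named -t /var/named/chroot
EOF
}

demo() {
    conf=$(mktemp); unit=$(mktemp)
    old_named_conf > "$conf"; unit_file > "$unit"
    check_pid_files "$conf" "$unit" || echo "(exit status $?)"
    # Corrected config: point pid-file at the path the unit waits on.
    sed 's:/var/run/named/named.pid:/run/named/named.pid:' "$conf" > "$conf.fixed"
    check_pid_files "$conf.fixed" "$unit"
    rm -f "$conf" "$conf.fixed" "$unit"
}
demo
```

Run it against the chroot copy of named.conf and the installed unit (systemctl cat named-chroot.service shows the effective PIDFile=) before filing a "systemd kills my daemon" bug; a wrong PIDFile= is indistinguishable from a crash in `systemctl status` output alone.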
You are right. Thank you for creating this Bug. It should have been documented somewhere. I created Bug #977413. Anyway I'll close this bug as duplicate of the documentation Bug, since there is not much to fix in BIND.

*** This bug has been marked as a duplicate of bug 977413 ***
Actually, you really should compile this new default into named (and adjust man pages).