977191 – named-chroot fails to start, but /usr/sbin/named -u named -t /var/named/chroot works

Bug 977191 - named-chroot fails to start, but /usr/sbin/named -u named -t /var/named/chroot works

Summary: named-chroot fails to start, but /usr/sbin/named -u named -t /var/named/chroo...

Keywords:
Status:	CLOSED DUPLICATE of bug 977413
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	bind
Sub Component:
Version:	19
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Tomáš Hozza
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-06-24 03:38 UTC by Bojan Smojver
Modified:	2013-06-24 23:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-24 14:04:07 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Bojan Smojver 2013-06-24 03:38:45 UTC

Description of problem:
Running service named-chroot start fails (also from boot), but running /usr/sbin/named -u named -t /var/named/chroot by hand succeeds (not SELinux related, as disabling it does nothing) after the relevant mounts are done by unit file.

Version-Release number of selected component (if applicable):
bind-9.9.3-3.P1.fc19.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Enable named-chroot.
2. Boot (or start service by hand).

Actual results:
Fails to start (also no PID file).

Expected results:
Worked fine in F-18.

Additional info:
PID file also correctly created when run by hand.

Strace of "service named-chroot start" gives at the very end (not sure if relevant):
--------------------
[pid  2611] open("/proc/self/stat", O_RDONLY|O_CLOEXEC) = 3
[pid  2611] fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
[pid  2611] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1
, 0) = 0x7f765cd1e000
[pid  2611] read(3, "2611 (systemd-tty-ask) R 2605 26"..., 1024) = 350
[pid  2611] close(3)                    = 0
[pid  2611] munmap(0x7f765cd1e000, 4096) = 0
[pid  2611] stat("/run/systemd/ask-password-block", {st_mode=S_IFDIR|0700, st_si
ze=100, ...}) = 0
[pid  2611] mknod("/run/systemd/ask-password-block/136:0", S_IFIFO|0600) = -1 EE
XIST (File exists)
[pid  2611] open("/run/systemd/ask-password-block/136:0", O_RDONLY|O_NOCTTY|O_NO
NBLOCK|O_CLOEXEC) = 3
[pid  2611] stat("/run/systemd", {st_mode=S_IFDIR|0755, st_size=300, ...}) = 0
[pid  2611] futex(0x7f765cafd5cc, FUTEX_WAKE_PRIVATE, 2147483647) = 0
[pid  2611] gettid()                    = 2611
[pid  2611] open("/proc/self/task/2611/attr/current", O_RDONLY|O_CLOEXEC) = 4
[pid  2611] read(4, "unconfined_u:system_r:unconfined"..., 4095) = 50
[pid  2611] close(4)                    = 0
[pid  2611] mkdir("/run/systemd/ask-password", 0755) = -1 EEXIST (File exists)
[pid  2611] stat("/run/systemd/ask-password", {st_mode=S_IFDIR|0755, st_size=40,
 ...}) = 0
[pid  2611] inotify_init1(IN_CLOEXEC)   = 4
[pid  2611] inotify_add_watch(4, "/run/systemd/ask-password", IN_CLOSE_WRITE|IN_
MOVED_TO) = 1
[pid  2611] rt_sigprocmask(SIG_SETMASK, [INT TERM], NULL, 8) = 0
[pid  2611] signalfd4(-1, [INT TERM], 8, O_NONBLOCK|O_CLOEXEC) = 5
[pid  2611] openat(AT_FDCWD, "/run/systemd/ask-password", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 6
[pid  2611] getdents(6, /* 2 entries */, 32768) = 48
[pid  2611] getdents(6, /* 0 entries */, 32768) = 0
[pid  2611] close(6)                    = 0
[pid  2611] poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}], 2, 4294967295 <unfinished ...>
[pid  2605] <... poll resumed> )        = 1 ([{fd=3, revents=POLLIN}])
[pid  2605] recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1S\0\0\0\5\0\0\0\223\0\0\0\1\1o\0\31\0\0\0/org/fre"..., 2048}], msg_controllen=0, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 251
[pid  2605] recvmsg(3, 0x7fffbfc21e10, MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
[pid  2605] writev(2, [{"Job for named-chroot.service fai"..., 114}, {"\n", 1}], 2Job for named-chroot.service failed. See 'systemctl status named-chroot.service' and 'journalctl -xn' for details.
) = 115
--------------------

No idea what all of this means...

Comment 1 Bojan Smojver 2013-06-24 03:40:34 UTC

One additional comment: the named process actually does come up for a while and DNS entries are resolved just fine. However, it appears to be later shot down by systemd, which does not seem to believe that the process is up.

Comment 2 Bojan Smojver 2013-06-24 04:23:12 UTC

Sidenote: /usr/libexec/setup-named-chroot.sh also seems to be doing the wrong thing. It will create multiple bind mounts if run repeatedly.

Comment 3 Bojan Smojver 2013-06-24 05:13:46 UTC

(In reply to Bojan Smojver from comment #0)

> Fails to start (also no PID file).

Sorry, that last bit is a lie. There is a PID file and it matches the PID of the started named process.

Comment 4 Bojan Smojver 2013-06-24 06:17:14 UTC

ARGH! PID file moved to a new location, so the config from F-18 won't work any more (i.e. pid-file has to be specified in options).

I guess this should go in release notes or common bugs.

Comment 5 Tomáš Hozza 2013-06-24 14:04:07 UTC

You are right. Thank you for creating this Bug. It should have been documented
somewhere. I created Bug #977413.

Anyway I'll close this bug as duplicate of the documentation Bug, since there
is not much to fix in BIND.

*** This bug has been marked as a duplicate of bug 977413 ***

Comment 6 Bojan Smojver 2013-06-24 23:32:39 UTC

Actually, you really should compile this new default into named (and adjust man pages).

Note You need to log in before you can comment on or make changes to this bug.