On Fri, May 02, 2008, Alain Spineux wrote:
> On Fri, May 2, 2008 at 8:17 AM, Ralf S. Engelschall <[EMAIL PROTECTED]> wrote:
> > On Fri, May 02, 2008, Alain Spineux wrote:
> >
> > > [...]
> >
> > > # /kolab/sbin/named -u kolab-r -g
> > > [...]
> >
> > > controls {
> > > unix "/kolab/var/bind/named.ctl"
> > > perm 0600 owner 19415 group 19415
> > > keys { "rndc-key"; };
> > > #inet 127.0.0.1 port 953
> > > #allow { 127.0.0.1; }
> > > #keys { "rndc-key"; };
> > > };
> > > [...]
> > >
> > > Any idea what's wrong ?
> >
> > Is UID 19415 really the "kolab-r" user?
>
> Yes :-)
>
> I looked further and found this is a "capability" problem, I removed
> the two call to linux_setcaps in bind-9.4.2/bin/named/unix/os.c
> and all (the "bind" and the "chown") the problems diapered.
>
> I thing this is a bind bug, not openpkg related !
> They should setup the correct capabilities for linux platform.
>
> Any comments ?
I would say: please file a bug report with the BIND developer team. If
you in parallel could fine out what the _correct_ way is to initialize
the Linux capability stuff, I'm also happy to include a patch into the
"bind" package to fix this until a fixed new BIND version is released.
But just removing the two calls I think might be too extreme. Can the
_real_ problem be fixed: the reason why it actually breaks?
I've not tested the following, but as a wild guess perhaps the
following solves the problem:
Index: bin/named/unix/os.c
--- bin/named/unix/os.c.orig 2006-02-04 00:51:38 +0100
+++ bin/named/unix/os.c 2008-05-02 17:25:33 +0200
@@ -212,6 +212,11 @@
caps |= (1 << CAP_SETGID);
/*
+ * Since we call chown, we need this.
+ */
+ caps |= (1 << CAP_CHOWN);
+
+ /*
* Without this, we run into problems reading a configuration file
* owned by a non-root user and non-world-readable on startup.
*/
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
OpenPKG http://openpkg.org
User Communication List [email protected]
