Support of WKS records under chroot

Petr Mensik pemensik at redhat.com
Mon Nov 14 14:27:46 UTC 2016


Hi everyone!

I am a new maintainer of the bind package under Fedora. I hope I will contribute more valuable code later, but simple things first.
Current BIND will not load WKS records in zones when running under chroot. named-checkzone will fail when checking zone files containing a WKS record. This will prevent bind from starting in chroot at all in the default configuration.

It is possible to load them if I copy /lib{,64}/libnss_files.so.* and /etc/services and /etc/protocols. Also /etc/nsswitch.conf if the default configuration is not good enough.

I have found a simple workaround - to use getservbyname and/or getprotobyname calls before calling chroot. It forces the glibc library on Linux to load /lib/libnss_files.so dynamically before it loses access to that file. An advantage is that it should support any NSS library that does not need to open a unix domain socket later. Of course I still have to make /etc/services and /etc/protocols accessible in the chroot (or their *.db variants if the db backend is used). But I do not have to make executable code accessible, and that is what I want.

I am satisfied with that solution. I am not sure whether the place I have chosen is the best for it.
Do you know a better place than my patch uses? Or another simple way to make WKS records parseable under chroot?

Cheers,
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com  PGP: 65C6C973

-------------- next part --------------
A non-text attachment was scrubbed...
Name: bind-9.10-wks-preload.patch
Type: text/x-patch
Size: 815 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-workers/attachments/20161114/4ea1a459/attachment.bin>
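The ordering described in the message above, as an added example that is not part of the original post and is not the attached patch (whose contents are not shown here). The function names are hypothetical, and the check assumes the plain files backend (etc/services and etc/protocols rather than their *.db variants):

```c
#define _DEFAULT_SOURCE          /* for chroot() */
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <unistd.h>

/* Do one protocol and one service lookup so the C library loads its NSS
 * backend while the real /lib is still reachable. Returns the number of
 * lookups that succeeded (0..2). */
int preload_nss(void)
{
    int ok = 0;
    if (getprotobyname("tcp") != NULL) ok++;
    if (getservbyname("domain", "udp") != NULL) ok++;
    endprotoent();   /* do not carry open database handles into the jail */
    endservent();
    return ok;
}

/* Bitmask of data files missing under jail: 1 = etc/services,
 * 2 = etc/protocols. Preloading covers the code only, not these files. */
int missing_nss_data(const char *jail)
{
    static const char *files[] = { "etc/services", "etc/protocols" };
    char path[4096];
    int missing = 0;
    for (int i = 0; i < 2; i++) {
        int n = snprintf(path, sizeof path, "%s/%s", jail, files[i]);
        if (n < 0 || (size_t)n >= sizeof path || access(path, R_OK) != 0)
            missing |= 1 << i;
    }
    return missing;
}

/* Preload, refuse a jail that lacks the data files, then chroot. */
int enter_jail(const char *jail)
{
    preload_nss();
    if (missing_nss_data(jail) != 0) { errno = ENOENT; return -1; }
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;
    return 0;   /* a real daemon would drop root privileges next */
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s JAILDIR\n", argv[0]); return 2; }
    if (enter_jail(argv[1]) != 0) { perror("enter_jail"); return 1; }
    struct servent *s = getservbyname("smtp", "tcp");   /* now inside the jail */
    printf("smtp/tcp -> %d\n", s ? ntohs((unsigned short)s->s_port) : -1);
    return 0;
}
```

Run as root against a directory that contains only etc/services and etc/protocols; the lookup after chroot succeeds without any shared library being copied into the jail.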

