chroot issue

Chris Vaughan Chris.Vaughan at lands.nsw.gov.au
Thu Jan 15 22:41:10 UTC 2009


Niall, 

Thanks for your help. I was able to resolve the issue by creating
/proc/net within the chroot jail and copying dev and if_inet6 there.

Chris Vaughan

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org
[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of
dhcp-users-request at lists.isc.org
Sent: Thursday, 15 January 2009 8:19 PM
To: dhcp-users at lists.isc.org
Subject: dhcp-users Digest, Vol 3, Issue 20

Send dhcp-users mailing list submissions to
	dhcp-users at lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
	dhcp-users-request at lists.isc.org

You can reach the person managing the list at
	dhcp-users-owner at lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."


Today's Topics:

   1. Re: Chroot issue (Niall O'Reilly)
   2. Re: Shared Network (mattf at etex.net)
   3. Restart Problem - segfault ... error 15 (Tarik Gasmi)
   4. Match if substring ... (Matej)
   5. Re: Match if substring ... (Matej)
   6. List archives... (E Johnson)
   7. RE: List archives... (Frank Bulk - iName.com)
   8. lease file: Bad file descriptor, Broken pipe (Rudy Gevaert)


----------------------------------------------------------------------

Message: 1
Date: Wed, 14 Jan 2009 13:01:42 +0000
From: Niall O'Reilly <Niall.oReilly at ucd.ie>
Subject: Re: Chroot issue
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Cc: Niall.oReilly at ucd.ie
Message-ID: <1231938102.6843.101.camel at d410-heron>
Content-Type: text/plain

On Wed, 2009-01-14 at 13:40 +1100, Chris Vaughan wrote:
> I have compiled ISC DHCP 4.1.0 on CentOS 5 with the --enable-paranoia
> and -enable-early-chroot 

	I expect that '--enable-early-chroot' is significant.

> options, when I go to start this to run in a
> chroot jail, I am confronted with an error, as follows.
> 
> dhcpd -chroot /var/dhcp -user dhcp -group dhcp
> Internet Systems Consortium DHCP Server 4.1.0
> Copyright 2004-2008 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 leases to leases file.
> Error opening '/proc/net/dev' to list interfaces
> Can't get list of interfaces.

	Reference to /proc/... is relative to your current file-system
	root.  That's to say that dhcpd is looking for 
	/var/dhcp/proc/..., which very likely doesn't exist.

	I've used Edelkind's 'paranoia patch' for years, and am very
	pleased that ISC have integrated it into their release, not 
	least because I nagged for it.  Although I haven't any 
	experience yet with 4.1, I suspect that you can avoid the 
	problem by disabling the 'early' chroot.  The idea is (or used 
	to be) that any tasks which would fail due to the relevant file
	systems being unavailable after chroot are done before a 'late' 
	chroot.

	Otherwise, you'll need to mount the /proc filesystem also at 
	/var/dhcp/proc.  You may also need some of the files below /dev.

	Best regards

	Niall O'Reilly

	University College Dublin IT Services




------------------------------

Message: 2
Date: Wed, 14 Jan 2009 07:40:27 -0600
From: <mattf at etex.net>
Subject: Re: Shared Network
To: <dhcp-users at lists.isc.org>
Message-ID: <9032156963.20090114074027 at mail.etex.net>
Content-Type: text/plain;	charset="iso-8859-1"

Milton

 You said you also did IPTV, what do you all use for transport and
middleware? It would be so great if you could send us a little bit of
your conf file, i would be very greatfull!!! If there is ever anything
we can do to help you please feel free to call me.

Matt Faggione
Etex Communication
Data/Video Tech


------Original Mail------
From: <mschober at nts-online.net>
To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
Sent: Tue, 13 Jan 2009 21:12:55 -0600 CST
Subject: Re: Shared Network

> I am useing ISC 4.1.0 and i am tring to set up my dhcpd.conf file. I
work
> for a IPTv provider and we are going to use it for our STB network.
The
> STB will request an ip address from the dhcpd server via 10.5.0.0/24
but
> we want the STB to get 10.5.64.1-10.5.127.253 and we will be seting up
25
> netorks the same way. In our old dhcpd.conf file we set it up like the
> example below and it will work on this dhcp server in this is the only
> class, shared network and subnet set up on it. As soon as we add
another
> network it will pull address from the first one. We change the class
name
> on each network and match the allow statment in the ip pool to that
class
> name. is there a limit to how many shared networks you can add on a
conf.
> file? If anyone has a simular setup as we do can you send a example of
how
> you did it. we have about 5000 STB's that will pull a lease from this
> server so if there is a better way of doing this please reply to this
> email.
>
>
> class "Occam_PineAcres_Video"
> {
>  match if (binary-to-ascii (10, 8, ".", packet(24,3)) = "10.5.0") and
> (suffix(option Agent.circuit-id, 1) = "6");
>  default-lease-time 43200;     # 12 hours
>  max-lease-time 43200;         # 12 hours
> }
>
>
> shared-network Occam
> {
>
> subnet 10.5.0.0 netmask 255.255.255.0
> {
> }
>
> ###Occam Pine Acres/video###
>
>  subnet 10.5.64.0 netmask 255.255.192.0 {
>
>  option broadcast-address 10.5.127.255;
>  option subnet-mask 255.255.192.0;
>  option routers 10.5.64.1;
>  option domain-name-servers 10.3.3.10,10.3.3.11;
>  option root-path "US/Central";
>  option time-servers 10.3.3.10;
>  option ntp-servers 10.3.3.10;
>  pool {
>  range 10.5.64.1 10.5.127.254;
>  allow members of "Occam_PineAcres_Video";
>  }
> }
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>
We also run an IPTV system here in Lubbock.  We ran into some similar
problems with DHCP when we first set up.  I'll look through some of my
notes in the morning, and send you some config snippets and tips.

Milton Schober, Jr.
VP, Data Services
NTS Communications, Inc.

_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users



------------------------------

Message: 3
Date: Wed, 14 Jan 2009 17:22:05 +0100
From: Tarik Gasmi <tarik.gasmi at rz.uni-freiburg.de>
Subject: Restart Problem - segfault ... error 15
To: dhcp-users at lists.isc.org
Message-ID: <496E112D.40805 at rz.uni-freiburg.de>
Content-Type: text/plain; charset=ISO-8859-15

Hi,

we updated from dhcpd 3.1.0 to 3.1.1 a few days ago ...
(two servers running in failover mode)

two times a restart of the dhcpd failed and produced a log message I
don't understand and I have never seen before:

*** snip ***
Jan 14 16:40:08 ... dhcpd[14609]: segfault at 0000000000841f0f rip
0000000000841f0f rsp 00007ffff38530d8 error 15
*** snap ***

the error occured only on the slave (secondary) server. an a new restart
about seconds after the failure did well.

our dhcp service is serving about 4K fix clients an a number of large
dynamic pools. most of the dhcpd restarts since the software-update
produced no error.

Thankfull for any ideas or suggestions,
Tarik Gasmi


------------------------------

Message: 4
Date: Wed, 14 Jan 2009 19:05:20 +0100
From: "Matej" <matej at matnet.net>
Subject: Match if substring ...
To: <dhcp-users at lists.isc.org>,	<dhcp-hackers at lists.isc.org>
Message-ID: <CF15601193E84C19BD410FC9FAE971E1 at Leeml>
Content-Type: text/plain; charset="iso-8859-2"

Hello,

we have a problem where we must differentiate between different values
of vendor-class-identifiers and firmware versions for them. The problem
is that for every v-c-i there is only one right firmware. The
vendor-class-identifiers are for example "Firmware_1" and "Firmware_1b"

The following class "happens" with both firmware versions 

class "something" {
   match if ( substring (option vendor_class_identifier, 0, 10) =
"Firmware_1") 
filename = "blahblah"
}

which isn't what we want. Is there an option of some sort of exclusive
or / matching the entire vendor_class_identifier or something like that?

Thank you in advance!

With regards,
Matej Serc
matej at matnet.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/dhcp-users/attachments/20090114/b7db3f7
1/attachment-0001.html>

------------------------------

Message: 5
Date: Wed, 14 Jan 2009 19:25:21 +0100
From: "Matej" <matej at matnet.net>
Subject: Re: Match if substring ...
To: "Alexander Clouter" <ac56 at soas.ac.uk>,	<efleury at gmail.com>
Cc: dhcp-hackers at lists.isc.org, dhcp-users at lists.isc.org
Message-ID: <8780A1278F9949AABE4F2E44B760F408 at Leeml>
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original

Hi,

thank you both. Of course that was it :-)

With regards,
Matej Serc
matej at matnet.net

----- Original Message ----- 
From: "Alexander Clouter" <ac56 at soas.ac.uk>
To: "Matej" <matej at matnet.net>
Cc: <dhcp-users at lists.isc.org>; <dhcp-hackers at lists.isc.org>
Sent: Wednesday, January 14, 2009 7:18 PM
Subject: Re: Match if substring ...


> Hi,
>
> * Matej <matej at matnet.net> [2009-01-14 19:05:20+0100]:
>>
>> we have a problem where we must differentiate between different
values
>> of vendor-class-identifiers and firmware versions for them. The
>> problem is that for every v-c-i there is only one right firmware. The
>> vendor-class-identifiers are for example "Firmware_1" and
"Firmware_1b"
>>
>> The following class "happens" with both firmware versions
>>
>> class "something" {
>>   match if ( substring (option vendor_class_identifier, 0, 10) = 
>> "Firmware_1");
>>   filename = "blahblah";
>> }
>>
>> which isn't what we want. Is there an option of some sort of
exclusive
>> or / matching the entire vendor_class_identifier or something like
that?
>>
> You should make this (from dhcpd.conf):
> ----
> class "wibble" {
>  match if option vendor_class_identifier = "Firmware_1";
>  filename = "wobble";
> }
> ----
>
> Cheers
>
> Alex
>
> -- 
> Alexander Clouter - Network Infrastructure Support Analyst, IT
Department
> .sigmonster says: Q: How do you keep a moron in suspense?
> 



------------------------------

Message: 6
Date: Wed, 14 Jan 2009 15:00:48 -0600
From: E Johnson <ej.isc at indicium.org>
Subject: List archives...
To: DHCP Users List <dhcp-users at lists.isc.org>
Message-ID: <496E5280.4020807 at indicium.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hi,

I'm a new member to the list.

Could someone tell me where I could find the archive for the list?  I 
found the current archive at www.isc.org but it only has 2 months in 
it.  Where is the rest?

Thanks,

Eric


------------------------------

Message: 7
Date: Thu, 15 Jan 2009 00:44:46 -0600
From: "Frank Bulk - iName.com" <frnkblk at iname.com>
Subject: RE: List archives...
To: "DHCP Users List" <dhcp-users at lists.isc.org>
Message-ID:
	
<!&!AAAAAAAAAAAuAAAAAAAAAKTyXRN5/+lGvU59a+P7CFMBAN6gY+ZG84BMpVQcAbDh1IQA
AAATbSgAABAAAAAPaSYIEETbRoonX8j5XBXgAQAAAAA=@iname.com>
	
Content-Type: text/plain;	charset="us-ascii"

Start here:
http://marc.info/?l=dhcp-users

Frank

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org
[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of E Johnson
Sent: Wednesday, January 14, 2009 3:01 PM
To: DHCP Users List
Subject: List archives...

Hi,

I'm a new member to the list.

Could someone tell me where I could find the archive for the list?  I
found the current archive at www.isc.org but it only has 2 months in
it.  Where is the rest?

Thanks,

Eric
_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users



------------------------------

Message: 8
Date: Thu, 15 Jan 2009 10:24:56 +0100
From: Rudy Gevaert <Rudy.Gevaert at UGent.be>
Subject: lease file: Bad file descriptor, Broken pipe
To: dhcp-users at lists.isc.org
Message-ID: <496F00E8.5010601 at UGent.be>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello,

We are running 3.0.4-13 (Debian Stable) 64bit, from time to time the 
dhcpd just disappears.  I can't find anything in the syslog. :(

I have attached an strace to the dhcpd process and this is what I have 
collected.  Some remarks:

* write is sending to file descriptor 0?  stdin?
* on the second line below I see: close(0), so that might maybe explain 
why it shows EBADF
* on the last lines of the strace I have
   write(0, "lease 157.193.2.158 {\n  starts 3"..., 328) = -1 EPIPE 
(Broken pipe)
* This machine is running in a xen environment on iscsi.
* In a later release I noticed '- Fixed file descriptor leak on listen 
failure. Thanks to Tom Clark.' Maybe this is the fix?

If would appreciate any hints in further troubleshooting the problem.

Thank you in advance.

Rudy

PS if this the wrong list, please tell me where I should send my
inquiry.

sendto(3, "<187>Jan 14 20:12:50 dhcpd: time"..., 68, MSG_NOSIGNAL, NULL,

0) = 68
close(0)                                = 0
time([1231960370])                      = 1231960370
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:50 dhcpd: peer"..., 53, MSG_NOSIGNAL, NULL,

0) = 53
write(0, "\nfailover peer \"dhcpfo\" state {\n"..., 167) = -1 EBADF (Bad

file descriptor)
<...>
sendto(3, "<190>Jan 14 20:12:50 dhcpd: DHCP"..., 136, MSG_NOSIGNAL, 
NULL, 0) = 136
recvfrom(5, 
"\1\1\6\0\10\213\3\242\5\0\0\0\254\20B\230\0\0\0\0\0\0\0"..., 1540, 0, 
{sa_family=AF_INET, sin_port=htons(68), 
sin_addr=inet_addr("172.16.66.152")}, [16]) = 300
gettimeofday({1231960370, 982765}, NULL) = 0
select(10, [4 5 7 9], [], [], {0, 17235}) = 2 (in [5 7], left {0,
17235})
gettimeofday({1231960370, 983168}, NULL) = 0
read(7, "\252\0\0v@\227\0\25\307\213\370\0\10\0E\0\1H9\304\0\0~"..., 
1536) = 342
write(0, "lease 157.193.9.130 {\n  starts 3"..., 364) = -1 EBADF (Bad 
file descriptor)
time([1231960370])                      = 1231960370
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:50 dhcpd: comm"..., 80, MSG_NOSIGNAL, NULL,

0) = 80
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: DHCP"..., 131, MSG_NOSIGNAL, 
NULL, 0) = 131
recvfrom(5, 
"\1\1\6\1\273\331\20\335\0\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1540, 0, 
{sa_family=AF_INET, sin_port=htons(67), 
sin_addr=inet_addr("172.16.228.254")}, [16]) = 300
gettimeofday({1231960371, 23934}, NULL) = 0
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: DHCP"..., 93, MSG_NOSIGNAL, NULL,

0) = 93
sendto(5, "\2\1\6\0017\3%\177\0\4\200\0\0\0\0\0\254\20A\274\0\0\0"..., 
303, 0, {sa_family=AF_INET, sin_port=htons(67), 
sin_addr=inet_addr("172.16.65.254")}, 16) = 303
gettimeofday({1231960371, 33657}, NULL) = 0
select(10, [4 5 7 9], [], [], {2, 966343}) = 3 (in [5 7 9], left {2, 
966343})
gettimeofday({1231960371, 34050}, NULL) = 0
read(7, "\252\0\0v@\227\0\25\307\213\370\0\10\0E\0\1H9\351\0\0~"..., 
1536) = 342
write(0, "lease 157.193.3.37 {\n  starts 3 "..., 355) = -1 EBADF (Bad 
file descriptor)
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: comm"..., 80, MSG_NOSIGNAL, NULL,

0) = 80
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: DHCP"..., 125, MSG_NOSIGNAL, 
NULL, 0) = 125
recvfrom(5, "\1\1\6\1xV4\22\n\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\235\301"...,

1540, 0, {sa_family=AF_INET, sin_port=htons(67), 
sin_addr=inet_addr("157.193.217.254")}, [16]) = 300
accept(9, {sa_family=AF_INET, sin_port=htons(34727), 
sin_addr=inet_addr("157.193.71.100")}, [38654705680]) = 0
gettimeofday({1231960371, 65634}, NULL) = 0
select(10, [0 4 5 7 9], [0], [], {2, 934366}) = 3 (in [5 7], out [0], 
left {2, 934366})
gettimeofday({1231960371, 66060}, NULL) = 0
read(7, "\252\0\0v@\227\0\25\307\213\370\0\10\0E\0\1Hg\340\0\0~"..., 
1536) = 342
write(0, "lease 157.193.10.125 {\n  starts "..., 329) = 329
fsync(0)                                = -1 EINVAL (Invalid argument)
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: comm"..., 77, MSG_NOSIGNAL, NULL,

0) = 77
time([1231960371])                      = 1231960371
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=1067, ...}) = 0
sendto(3, "<190>Jan 14 20:12:51 dhcpd: DHCP"..., 121, MSG_NOSIGNAL, 
NULL, 0) = 121
recvfrom(5, 
"\1\1\6\1\6\0\0\0\0\0\0\0\235\301\330\34\0\0\0\0\0\0\0\0"..., 1540, 0, 
{sa_family=AF_INET, sin_port=htons(67), 
sin_addr=inet_addr("157.193.217.254")}, [16]) = 300
write(0, "\0i\5\fIn93\0\0\0\0\0\3\0\4\235\301(d\0\25\0\4\0\0\0\n"..., 
105) = 105
gettimeofday({1231960371, 102514}, NULL) = 0
select(10, [0 4 5 7 9], [], [], {2, 897486}) = 3 (in [0 5 7], left {2, 
897486})
gettimeofday({1231960371, 102957}, NULL) = 0
read(7, "\252\0\0v@\227\0\25\307\213\370\0\10\0E\0\1HT\4\0\0~\21"..., 
1536) = 342
write(0, "lease 157.193.2.158 {\n  starts 3"..., 328) = -1 EPIPE (Broken

pipe)
--- SIGPIPE (Broken pipe) @ 0 (0) ---
Process 15992 detached
snoek:~#
-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert          Rudy.Gevaert at UGent.be          tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen                    Systems group
Universiteit Gent                 Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --


------------------------------

_______________________________________________
dhcp-users mailing list
dhcp-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-users

End of dhcp-users Digest, Vol 3, Issue 20
*****************************************

***************************************************************
This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of the Department of  Lands. This email message has been swept by MIMEsweeper for the presence of computer viruses.
***************************************************************
Please consider the environment before printing this email.




More information about the dhcp-users mailing list