Bug 32074

Summary: Not working after install due problems with write permissions
Product: Sisyphus
Reporter: Konstantin A Lepikhov (L.A. Kostis) <lakostis>
Component: unbound
Assignee: Alexei Takaseev <taf>
Status: CLOSED NOTABUG
QA Contact: qa-sisyphus
Severity: normal
Priority: P3
CC: taf, valintinr
Version: unstable
Keywords: relnote
Hardware: all   
OS: Linux   
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763901

Description Konstantin A Lepikhov (L.A. Kostis) 2016-05-06 17:33:27 MSK
1. Problem description

I simply installed unbound from Sisyphus without changing anything in the config. Then I stopped bind and tried to start the unbound service:

root@lks ~]# service bind stop
Stopping named service: [ DONE ]

[root@lks ~]# service unbound start
Update root anchor: ... no need update /var/lib/unbound/root.key[PASSED]
Checking unbound configuration:[ DONE ]
Starting unbound service: [ DONE ]

[root@lks ~]# ping www.ru
ping: unknown host www.ru

[root@lks ~]# tail -f /var/log/messages
May  6 15:33:47 lks named[21769]: stopping command channel on 127.0.0.1#953
May  6 15:33:47 lks named[21769]: no longer listening on 127.0.0.1#53
May  6 15:33:47 lks named[21769]: no longer listening on XXX.XXX.XXX.XXX#53
May  6 15:33:47 lks named[21769]: exiting
May  6 15:33:47 lks bind: named shutdown succeeded
May  6 15:33:53 lks unbound: [22021:0] notice: init module 0: validator
May  6 15:33:53 lks unbound: [22021:0] notice: init module 1: iterator
May  6 15:33:53 lks unbound: unbound startup succeeded
May  6 15:33:53 lks unbound: [22021:0] info: start of service (unbound 1.5.7).
May  6 15:34:07 lks unbound: [22021:0] fatal error: could not open autotrust file for writing, /root.key.22021-0: Permission denied
^C

# ll /var/lib/unbound/
total 56
drwxrwxr-t  5 root     root   102 May  6 16:14 ./
-rw-r--r--  1 _unbound _unbound   759 May  6 16:14 root.key
drwxr-xr-x  2 root     _unbound    29 May  6 15:30 conf.d/
drwxr-xr-x  2 root     _unbound    28 May  6 15:26 keys.d/
drwxr-xr-x  2 root     _unbound    35 May  6 15:26 local.d/
-rw-r--r--  1 root     root     26662 May  6 15:26 unbound.conf
drwxr-xr-x 55 root     root      4096 May  6 15:26 ../
-rw-r--r--  1 root     root     17699 May  6 15:26 icannbundle.pem

After changing the owner of /var/lib/unbound to root:_unbound, everything started working as it should.

I assume the chroot should go not into /lib/unbound but into /lib/unbound/keys.d, or somewhere separate.

# fgrep -r chroot /etc/unbound
/etc/unbound/unbound.conf:      # if given, a chroot(2) is done to the given directory.
/etc/unbound/unbound.conf:      # i.e. you can chroot to the working directory, for example,
/etc/unbound/unbound.conf:      # If chroot is enabled, you should pass the configfile (from the
/etc/unbound/unbound.conf:      # chroot has been performed the now defunct portion of the config
/etc/unbound/unbound.conf:      # The pid file can be absolute and outside of the chroot, it is
/etc/unbound/unbound.conf:      # written just prior to performing the chroot and dropping permissions.
/etc/unbound/unbound.conf:      # If you give "" no chroot is performed. The path must not end in a /.
/etc/unbound/unbound.conf:      # chroot: "/var/lib/unbound"

unbound version:

# rpm -q unbound
unbound-1.5.7-alt1
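
A check for the condition shown in the log above, as an added example (not part of the bug report or of the unbound package): the failing file `root.key.<pid>-0` is created next to `root.key`, so the daemon user needs write and search permission on that directory. The function names are hypothetical, the sample values are constructed from the `ll /var/lib/unbound/` listing in the description, and `_unbound` is assumed to belong only to the group `_unbound`.

```shell
#!/bin/sh
# Added example: why the daemon user could not create /root.key.<pid>-0
# inside the chroot. Function names are hypothetical.

# can_create_in OWNER GROUP MODE USER "USER_GROUPS"
# POSIX permission check for a non-root USER: creating a file needs
# write (2) and search (1) on the directory. MODE is octal, e.g. 1775.
can_create_in() {
    owner=$1; group=$2; mode=$3; user=$4; user_groups=$5
    perms=${mode#"${mode%???}"}   # last three digits; the sticky/setid digit grants nothing
    u=${perms%??}; o=${perms#??}
    g=${perms#?}; g=${g%?}
    if [ "$user" = "$owner" ]; then
        bits=$u                   # owner class applies, even if it is the weaker one
    else
        bits=$o
        for ug in $user_groups; do
            if [ "$ug" = "$group" ]; then bits=$g; fi
        done
    fi
    [ $(( $bits & 3 )) -eq 3 ]
}

# check_anchor_dir DIR USER: the same check against a live system
# (assumes GNU stat and that USER exists).
check_anchor_dir() {
    set -- "$1" "$2" $(stat -c '%U %G %a' "$1")
    [ $# -eq 5 ] || return 2
    can_create_in "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Constructed from the listing in the report: drwxrwxr-t root root,
# daemon running as _unbound.
report() {
    if can_create_in "$1" "$2" "$3" _unbound "_unbound"; then
        echo "$1:$2 $3 -> _unbound can create root.key.<pid>-0"
    else
        echo "$1:$2 $3 -> Permission denied for _unbound"
    fi
}
report root root 1775        # as installed
report root _unbound 1775    # after chown root:_unbound
```

On a live host, `check_anchor_dir /var/lib/unbound _unbound` runs the same test against the real directory.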
Comment 1 Konstantin A Lepikhov (L.A. Kostis) 2016-05-09 15:10:25 MSK
The bug is still present in the new version (1.5.8-alt1)
Comment 2 Valentin Rosavitskiy 2016-05-10 18:12:53 MSK
(In reply to comment #1)
> The bug is still present in the new version (1.5.8-alt1)
That was just an update.


In general, I cannot reproduce the bug (I checked in a container: took a p7 archive and then upgraded it to Sisyphus)

[root@localhost /]# apt-get install -y unbound
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  unbound
0 upgraded, 1 newly installed, 0 removed and 0 not upgraded.
Need to get 0B/455kB of archives.
After unpacking 1814kB of additional disk space will be used.
Committing changes...
Preparing...                                         ################################################################################################### [100%]
1: unbound                                           ################################################################################################### [100%]
Running /usr/lib/rpm/posttrans-filetriggers
Failed to fstat() file /run/unbound: Invalid argument
Done.
[root@localhost /]# > /var/log/messages 
[root@localhost /]# /etc/init.d/unbound start
Update root anchor: ... updated /var/lib/unbound/root.key                                                                                               [ DONE ]
Checking unbound configuration:                                                                                                                         [ DONE ]
Starting unbound service:                                                                                                                               [ DONE ]
[root@localhost /]# tail /var/log/messages 
May 10 15:10:25 localhost unbound: [1298:0] notice: init module 0: validator
May 10 15:10:25 localhost unbound: [1298:0] notice: init module 1: iterator
May 10 15:10:25 localhost unbound: unbound startup succeeded
May 10 15:10:25 localhost unbound: [1298:0] info: start of service (unbound 1.5.8).
[root@localhost /]# ps auwx | grep -i unbound
_unbound  1298  0.0  0.6  58344  6420 ?        Ss   15:10   0:00 /usr/sbin/unbound
root      1308  0.0  0.0   6584   748 pts/0    S+   15:11   0:00 grep --color=auto -i unbound
[root@localhost /]# ll /var/lib/unbound 
total 52
-rw-r--r--  1 _unbound root       759 May 10 15:10 root.key
drwxr-xr-x  5 root     root      4096 May 10 15:10 ./
-rw-r--r--  1 root     root     27140 May 10 15:10 unbound.conf
drwxr-xr-x  2 root     _unbound  4096 May 10 15:10 conf.d/
drwxr-xr-x  2 root     _unbound  4096 May 10 15:10 keys.d/
drwxr-xr-x  2 root     _unbound  4096 May 10 15:10 local.d/
drwxr-xr-x 17 root     root      4096 May 10 15:10 ../
[root@localhost /]# rpm -q unbound
unbound-1.5.8-alt1
[root@localhost /]# apt-repo 
rpm [alt] http://ftp.altlinux.org/pub/distributions ALTLinux/Sisyphus/x86_64 classic
rpm [alt] http://ftp.altlinux.org/pub/distributions ALTLinux/Sisyphus/noarch classic
[root@localhost /]#
Comment 3 Valentin Rosavitskiy 2016-05-16 10:31:20 MSK
The bug is not reproducible