1. Problem description

I simply installed unbound from Sisyphus and did not change anything in the config. Then I stopped bind and tried to start the unbound service:

[root@lks ~]# service bind stop
Stopping named service: [ DONE ]
[root@lks ~]# service unbound start
Update root anchor: ... no need update /var/lib/unbound/root.key[PASSED]
Checking unbound configuration:[ DONE ]
Starting unbound service: [ DONE ]
[root@lks ~]# ping www.ru
ping: unknown host www.ru
[root@lks ~]# tail -f /var/log/messages
May 6 15:33:47 lks named[21769]: stopping command channel on 127.0.0.1#953
May 6 15:33:47 lks named[21769]: no longer listening on 127.0.0.1#53
May 6 15:33:47 lks named[21769]: no longer listening on XXX.XXX.XXX.XXX#53
May 6 15:33:47 lks named[21769]: exiting
May 6 15:33:47 lks bind: named shutdown succeeded
May 6 15:33:53 lks unbound: [22021:0] notice: init module 0: validator
May 6 15:33:53 lks unbound: [22021:0] notice: init module 1: iterator
May 6 15:33:53 lks unbound: unbound startup succeeded
May 6 15:33:53 lks unbound: [22021:0] info: start of service (unbound 1.5.7).
May 6 15:34:07 lks unbound: [22021:0] fatal error: could not open autotrust file for writing, /root.key.22021-0: Permission denied
^C

# ll /var/lib/unbound/
total 56
drwxrwxr-t 5 root root 102 May 6 16:14 ./
-rw-r--r-- 1 _unbound _unbound 759 May 6 16:14 root.key
drwxr-xr-x 2 root _unbound 29 May 6 15:30 conf.d/
drwxr-xr-x 2 root _unbound 28 May 6 15:26 keys.d/
drwxr-xr-x 2 root _unbound 35 May 6 15:26 local.d/
-rw-r--r-- 1 root root 26662 May 6 15:26 unbound.conf
drwxr-xr-x 55 root root 4096 May 6 15:26 ../
-rw-r--r-- 1 root root 17699 May 6 15:26 icannbundle.pem

After changing the owner of /var/lib/unbound to root:_unbound, everything started working as it should. I assume the chroot should be done not into /lib/unbound but into /lib/unbound/keys.d or somewhere separate.

# fgrep -r chroot /etc/unbound
/etc/unbound/unbound.conf: # if given, a chroot(2) is done to the given directory.
/etc/unbound/unbound.conf: # i.e. you can chroot to the working directory, for example,
/etc/unbound/unbound.conf: # If chroot is enabled, you should pass the configfile (from the
/etc/unbound/unbound.conf: # chroot has been performed the now defunct portion of the config
/etc/unbound/unbound.conf: # The pid file can be absolute and outside of the chroot, it is
/etc/unbound/unbound.conf: # written just prior to performing the chroot and dropping permissions.
/etc/unbound/unbound.conf: # If you give "" no chroot is performed. The path must not end in a /.
/etc/unbound/unbound.conf: # chroot: "/var/lib/unbound"

unbound version:

# rpm -q unbound
unbound-1.5.7-alt1
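The permission check behind the "Permission denied" in the report above, as an added example that is not part of the original bug report or of the unbound package: the function reads an ls -l mode string and says whether an account can create a file in that directory, which is what writing the temporary root.key.<pid>-0 next to root.key requires. Assumed here: the daemon runs as _unbound with _unbound as its only group, and no ACLs or capabilities apply; the function name can_create_in is hypothetical.

```shell
#!/bin/sh
# can_create_in MODE OWNER GROUP USER "USER_GROUPS"
#   MODE        ls -l mode string of the directory, e.g. drwxrwxr-t
#   OWNER/GROUP owner and group of the directory
#   USER        account the daemon runs as
#   USER_GROUPS space-separated groups of that account (assumption of the caller)
# Prints "yes" if USER may create files in the directory, "no" otherwise.
can_create_in() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5

    # root is not limited by the permission bits
    if [ "$user" = root ]; then
        echo yes
        return 0
    fi

    # Exactly one triplet applies: owner first, then group, then other.
    if [ "$user" = "$owner" ]; then
        triplet=$(printf '%s' "$mode" | cut -c2-4)
    else
        in_group=no
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then in_group=yes; fi
        done
        if [ "$in_group" = yes ]; then
            triplet=$(printf '%s' "$mode" | cut -c5-7)
        else
            triplet=$(printf '%s' "$mode" | cut -c8-10)
        fi
    fi

    # Creating a file needs write AND search permission on the directory.
    # In the last position x, s and t all include search; S and T do not.
    w=$(printf '%s' "$triplet" | cut -c2)
    x=$(printf '%s' "$triplet" | cut -c3)
    case "$w$x" in
        wx|ws|wt) echo yes ;;
        *)        echo no ;;
    esac
}

# Directory line from the report: drwxrwxr-t root root
can_create_in drwxrwxr-t root root _unbound "_unbound"
# Same mode after the reporter's change of ownership to root:_unbound
can_create_in drwxrwxr-t root _unbound _unbound "_unbound"
```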
The bug is still present in the new version (1.5.8-alt1)
(In reply to comment #1)
> The bug is still present in the new version (1.5.8-alt1)

That was just an update. In general, I cannot reproduce the bug (I checked in a container: took a p7 archive and then upgraded it to Sisyphus).

[root@localhost /]# apt-get install -y unbound
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
unbound
0 upgraded, 1 newly installed, 0 removed and 0 not upgraded.
Need to get 0B/455kB of archives.
After unpacking 1814kB of additional disk space will be used.
Committing changes...
Preparing... ################################################################################################### [100%]
1: unbound ################################################################################################### [100%]
Running /usr/lib/rpm/posttrans-filetriggers
Failed to fstat() file /run/unbound: Invalid argument
Done.
[root@localhost /]# > /var/log/messages
[root@localhost /]# /etc/init.d/unbound start
Update root anchor: ... updated /var/lib/unbound/root.key [ DONE ]
Checking unbound configuration: [ DONE ]
Starting unbound service: [ DONE ]
[root@localhost /]# tail /var/log/messages
May 10 15:10:25 localhost unbound: [1298:0] notice: init module 0: validator
May 10 15:10:25 localhost unbound: [1298:0] notice: init module 1: iterator
May 10 15:10:25 localhost unbound: unbound startup succeeded
May 10 15:10:25 localhost unbound: [1298:0] info: start of service (unbound 1.5.8).
[root@localhost /]# ps auwx | grep -i unbound
_unbound 1298 0.0 0.6 58344 6420 ? Ss 15:10 0:00 /usr/sbin/unbound
root 1308 0.0 0.0 6584 748 pts/0 S+ 15:11 0:00 grep --color=auto -i unbound
[root@localhost /]# ll /var/lib/unbound
total 52
-rw-r--r-- 1 _unbound root 759 May 10 15:10 root.key
drwxr-xr-x 5 root root 4096 May 10 15:10 ./
-rw-r--r-- 1 root root 27140 May 10 15:10 unbound.conf
drwxr-xr-x 2 root _unbound 4096 May 10 15:10 conf.d/
drwxr-xr-x 2 root _unbound 4096 May 10 15:10 keys.d/
drwxr-xr-x 2 root _unbound 4096 May 10 15:10 local.d/
drwxr-xr-x 17 root root 4096 May 10 15:10 ../
[root@localhost /]# rpm -q unbound
unbound-1.5.8-alt1
[root@localhost /]# apt-repo
rpm [alt] http://ftp.altlinux.org/pub/distributions ALTLinux/Sisyphus/x86_64 classic
rpm [alt] http://ftp.altlinux.org/pub/distributions ALTLinux/Sisyphus/noarch classic
[root@localhost /]#
The bug cannot be reproduced