Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#31507 - [bind] named unable to bind to new addresses after starting
Attached to Project:
Arch Linux
Opened by Chris Caldwell (Teaspoon) - Wednesday, 12 September 2012, 03:17 GMT
Last edited by Gaetan Bisson (vesath) - Wednesday, 12 September 2012, 22:42 GMT
Details

Description:
Using the named unit file from systemd-arch-units and bind from the official repository, named is unable to bind to addresses that weren't present when it started. With the way systemd starts everything at once it's rare for my eth0 to have an address before named starts.

It appears that this is caused by a combination of the unit file calling named with "-u named" and the bind package being built with "--disable-linux-caps". This means that named drops privileges once it's bound to available addresses, but with linux-caps disabled it can't hold on to permission to bind to privileged ports after dropping its other privileges.

To start with I was manually restarting named after the system came up. My current workaround is a custom unit file that lets named run as root (i.e., no "-u named"). Longer-term fixes are to either tell systemd to wait until my interfaces have addresses (can I make a unit file that waits until netcfg has exited?) or to get named built with linux-caps enabled.

Additional info:
$ named -V
BIND 9.9.1-P2 built with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-static' '--disable-linux-caps' '--with-openssl' '--with-libxml2' '--with-libtool' 'CFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2' 'LDFLAGS=-Wl,-O1,--sort-common,--as-needed,-z,relro' 'CXXFLAGS=-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.7.8

Relevant part of the log after a "systemctl reload named":
named[247]: listening on IPv4 interface eth0, 192.168.7.254#53
named[247]: could not listen on UDP socket: permission denied
named[247]: creating IPv4 interface eth0 failed; interface ignored

Steps to reproduce:
With named configured to listen on all available interfaces...
# systemctl start named
# ip a a <some address you didn't already have> dev eth0
# systemctl reload named
Now check the journal for named and there should be a "could not listen on UDP socket: permission denied" error.
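An added check for the failure mode described above (example code, not from the report or the bind package): it tests whether a BIND build string shows linux-caps disabled, and whether a running named still holds CAP_NET_BIND_SERVICE (capability bit 10) in its CapEff mask after dropping to "-u named". The `named -V` and /proc/PID/status samples are constructed; on a real host feed it `named -V` and `/proc/$(pidof named)/status` instead.

```sh
#!/bin/sh
# Constructed sample of `named -V` output, using the build flags quoted in the report.
SAMPLE_NAMED_V="BIND 9.9.1-P2 built with '--prefix=/usr' '--disable-linux-caps' '--with-openssl'"

# Constructed /proc/<pid>/status fragments: a named that dropped privileges and kept
# nothing (CapEff all zero), and one that retained CAP_NET_BIND_SERVICE (bit 10 = 0x400).
SAMPLE_STATUS_NOCAPS="Uid: 40 40 40 40
CapEff: 0000000000000000"
SAMPLE_STATUS_CAPS="Uid: 40 40 40 40
CapEff: 0000000000000400"

# Returns 0 when the build string shows linux-caps disabled, i.e. named cannot keep
# CAP_NET_BIND_SERVICE across setuid and later binds to port 53 will fail.
caps_disabled_in_build() {
    printf '%s\n' "$1" | grep -q -- "'--disable-linux-caps'"
}

# Returns 0 when the CapEff line in the given status text has bit 10 set.
# Only the low 12 bits are examined so the full 64-bit mask never overflows $(( )).
has_net_bind_service() {
    mask=$(printf '%s\n' "$1" | awk '/^CapEff:/ {print $2}')
    [ -n "$mask" ] || return 2
    low=${mask#"${mask%???}"}          # last three hex digits
    [ $(( 0x$low & 0x400 )) -ne 0 ]
}

# Combined verdict: 0 if a reload can still bind new addresses on port 53.
reload_can_bind_53() {
    uid=$(printf '%s\n' "$1" | awk '/^Uid:/ {print $3}')   # effective uid
    [ "$uid" = "0" ] && return 0
    has_net_bind_service "$1"
}

# Stand-alone run against the constructed samples.
if caps_disabled_in_build "$SAMPLE_NAMED_V"; then
    echo "build has --disable-linux-caps: privileged-port binds fail after -u"
fi
reload_can_bind_53 "$SAMPLE_STATUS_NOCAPS" || echo "running named: cannot bind port 53"
reload_can_bind_53 "$SAMPLE_STATUS_CAPS"   && echo "running named: can bind port 53"
```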
Closed by Gaetan Bisson (vesath)
Wednesday, 12 September 2012, 22:42 GMT
Reason for closing: Fixed
Additional comments about closing: bind-9.9.1.P3-1 in [extra]
And what if you rebuild with capabilities enabled? Does it work then?