diff --git a/bind.spec b/bind.spec index 771de98..cc69139 100644 --- a/bind.spec +++ b/bind.spec @@ -27,7 +27,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.4 -Release: 14.%{?PATCHVER}%{?PREVER}%{?dist} +Release: 15.%{?PATCHVER}%{?PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -56,6 +56,8 @@ Source40: named-sdb-chroot.service Source41: setup-named-chroot.sh Source42: generate-rndc-key.sh Source43: named.rwtab +Source44: named-setup-rndc.service +Source45: named-setup-chroot.service # Common patches Patch5: bind-nonexec.patch @@ -465,6 +467,8 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir} install -m 644 %{SOURCE39} ${RPM_BUILD_ROOT}%{_unitdir} %endif install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir} +install -m 644 %{SOURCE45} ${RPM_BUILD_ROOT}%{_unitdir} mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir} install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh @@ -648,6 +652,8 @@ rm -rf ${RPM_BUILD_ROOT} %{_sysconfdir}/tmpfiles.d/named.conf %{_sysconfdir}/rwtab.d/named %{_unitdir}/named.service +%{_unitdir}/named-setup-rndc.service +%{_unitdir}/named-setup-chroot.service %{_sysconfdir}/NetworkManager/dispatcher.d/13-named %{_sbindir}/named-journalprint %{_sbindir}/named-checkconf @@ -815,6 +821,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Fri Jul 18 2014 Tomas Hozza 32:9.9.4-15.P2 +- Rework the chroot creation/destruction workflow (#1097671) + * Fri Jul 18 2014 Tomas Hozza 32:9.9.4-14.P2 - Use network-online.target instead of network.target (#1117086) diff --git a/named-chroot.service b/named-chroot.service index 4e47db8..20cc314 100644 --- a/named-chroot.service +++ b/named-chroot.service 
@@ -6,8 +6,10 @@ Description=Berkeley Internet Name Domain (DNS) Wants=nss-lookup.target Wants=network-online.target +Requires=named-setup-chroot.service Before=nss-lookup.target After=network-online.target +After=named-setup-chroot.service [Service] Type=forking @@ -15,15 +17,12 @@ EnvironmentFile=-/etc/sysconfig/named Environment=KRB5_KTNAME=/etc/named.keytab PIDFile=/var/named/chroot/run/named/named.pid -ExecStartPre=/usr/libexec/generate-rndc-key.sh -ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID' ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID' -ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off PrivateTmp=false diff --git a/named-sdb-chroot.service b/named-sdb-chroot.service index 9dfac07..4d69f9d 100644 --- a/named-sdb-chroot.service +++ b/named-sdb-chroot.service @@ -6,8 +6,10 @@ Description=Berkeley Internet Name Domain (DNS) Wants=nss-lookup.target Wants=network-online.target +Requires=named-setup-chroot.service Before=nss-lookup.target After=network-online.target +After=named-setup-chroot.service [Service] Type=forking 
@@ -15,15 +17,12 @@ EnvironmentFile=-/etc/sysconfig/named Environment=KRB5_KTNAME=/etc/named.keytab PIDFile=/var/named/chroot/run/named/named.pid -ExecStartPre=/usr/libexec/generate-rndc-key.sh -ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf ExecStart=/usr/sbin/named-sdb -u named -t /var/named/chroot $OPTIONS ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID' ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID' -ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off PrivateTmp=false diff --git a/named-sdb.service b/named-sdb.service index bd99185..4d1a3f8 100644 --- a/named-sdb.service +++ b/named-sdb.service @@ -2,8 +2,10 @@ Description=Berkeley Internet Name Domain (DNS) Wants=nss-lookup.target Wants=network-online.target +Wants=named-setup-rndc.service Before=nss-lookup.target After=network-online.target +After=named-setup-rndc.service [Service] Type=forking @@ -11,7 +13,6 @@ EnvironmentFile=-/etc/sysconfig/named Environment=KRB5_KTNAME=/etc/named.keytab PIDFile=/run/named/named.pid -ExecStartPre=/usr/libexec/generate-rndc-key.sh ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf ExecStart=/usr/sbin/named-sdb -u named $OPTIONS diff --git a/named-setup-chroot.service b/named-setup-chroot.service new file mode 100644 index 0000000..e04afaa --- /dev/null +++ b/named-setup-chroot.service @@ -0,0 +1,11 @@ +[Unit] +Description=Set-up/destroy chroot environment for named (DNS) +Wants=named-setup-rndc.service +After=named-setup-rndc.service +StopWhenUnneeded=yes + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on +ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off diff --git a/named-setup-rndc.service b/named-setup-rndc.service new file mode 100644 index 0000000..ff85e3c --- /dev/null 
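Review bot: The added `Wants=named-setup-rndc.service` in named-sdb.service makes a failed key generation non-fatal, whereas the removed `ExecStartPre=/usr/libexec/generate-rndc-key.sh` would have kept named-sdb from starting. The same `Wants=`/`After=` pair appears in the named.service hunk and in the new named-setup-chroot.service. If starting without a freshly checked rndc key is intended (ExecReload/ExecStop already fall back to `kill`), a comment above the line such as `# Wants=, not Requires=: named must still start if rndc key generation fails` would record that. Otherwise `Requires=named-setup-rndc.service` restores the old behaviour.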
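Review bot: `ExecStop=` is the only teardown path in the new named-setup-chroot.service, and systemd runs ExecStop= commands only for a service that started successfully. If `setup-named-chroot.sh /var/named/chroot on` fails part-way, any bind mounts it already made would be left in /var/named/chroot. The lines removed from named-chroot.service used `ExecStopPost=` for the `off` call, which also runs after a failed start; `ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off` in place of the ExecStop= line would keep that cleanup. Whether the script can exit non-zero after mounting something is not visible in this diff.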
+++ b/named-setup-rndc.service @@ -0,0 +1,7 @@ +[Unit] +Description=Generate rndc key for BIND (DNS) + +[Service] +Type=oneshot + +ExecStart=/usr/libexec/generate-rndc-key.sh diff --git a/named.service b/named.service index 8f8189f..a2f9cc4 100644 --- a/named.service +++ b/named.service @@ -2,8 +2,10 @@ Description=Berkeley Internet Name Domain (DNS) Wants=nss-lookup.target Wants=network-online.target +Wants=named-setup-rndc.service Before=nss-lookup.target After=network-online.target +After=named-setup-rndc.service [Service] Type=forking @@ -11,7 +13,6 @@ EnvironmentFile=-/etc/sysconfig/named Environment=KRB5_KTNAME=/etc/named.keytab PIDFile=/run/named/named.pid -ExecStartPre=/usr/libexec/generate-rndc-key.sh ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf ExecStart=/usr/sbin/named -u named $OPTIONS diff --git a/setup-named-chroot.sh b/setup-named-chroot.sh index 9f96278..8de494b 100755 --- a/setup-named-chroot.sh +++ b/setup-named-chroot.sh @@ -44,7 +44,7 @@ mount_chroot_conf() # Mount source is a directory. Mount it only if directory in chroot is # empty. if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then - mount --rbind "$all" "$ROOTDIR$all" + mount --bind --make-private "$all" "$ROOTDIR$all" fi fi done
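Review bot: The exit status of the new `mount --bind --make-private` call in setup-named-chroot.sh is not checked in the lines shown, so a failed bind would let the loop carry on. As far as this hunk shows, the oneshot unit that now runs the script could then report success with an incomplete chroot. Consider `mount --bind --make-private "$all" "$ROOTDIR$all" || return 1`, assuming the caller, which is outside this hunk, propagates the status. The switch from `--rbind` also means mounts nested under the source directory no longer appear in the chroot, which deserves a comment such as `# non-recursive, private bind: submounts are not carried over and mount events do not propagate`. mount_chroot_conf starts and ends outside the hunk.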