[Pdns-dev] pdns-recursor 3.1.4 + chroot: = error

Koh-ichi Ito kohi at iri.co.jp
Fri Nov 9 12:27:17 CET 2007


Hi! team,

I posted the following message to the pdns-users ML last week
and I haven't received any response to it.

I guess it must be a bug, so let it be reported to the
development team.

Though I haven't examined it yet, I'm afraid that the
dump-cache and reload-zones subcommands of rec_control
must be involved, too.

Thanks in advance.

						Koh-ichi Ito
----- 8< --------------------------------------------------
To: pdns-users at mailman.powerdns.com
Subject: pdns-recursor 3.1.4 + chroot: = error
From: Koh-ichi Ito <kohi at iri.co.jp>
Message-Id: <200711020655.lA26t94F014173 at alphonse.himoo.iri.co.jp>
Date: Fri, 02 Nov 2007 15:55:09 +0900

Hi, I'm a newbie here and with pdns, too.

I have just begun to play with pdns-recursor 3.1.4 on my lab
machine and found that chroot: causes a problem. Has
anybody experienced the same as me?

Problem:
Run pdns-recursor with a recursor.conf that contains 'chroot='.

Invoke rec_control --socket-dir=/appropriate/directory.

rec_control gets stuck and pdns_recursor gives the following
message.

Nov 02 06:26:20 Error dealing with control socket request: Unable to send message over control channel '/proj/powerdns/sandbox/var/run//lsockaxv4Sv': No such file or directory

This is all of my problem.

Invoking rec_control without --socket-dir gives the message

[root at yuina sandbox]# /proj/powerdns/bin/rec_control ping
Fatal: Unable to connect to remote '/var/run/pdns_recursor.controlsocket': Connection refused

so, I guess --socket-dir is mandatory when running
pdns_recursor with "chroot=".


Environment:
kohi at yuina[9]% uname -a
Linux yuina.himoo.iri.co.jp 2.6.18-8.1.15.el5 #1 SMP Mon Oct 22 08:32:04 EDT 2007 i686 i686 i386 GNU/Linux
kohi at yuina[10]% cat /etc/redhat-release 
CentOS release 5 (Final)


Configuration:
#
#	$Id$
#
allow-from=127.0.0.1/32, 10.2.0.0/27
chroot=/proj/powerdns/sandbox
#daemon=yes
daemon=no
local-address=10.2.0.2
log-common-errors=yes
logging-facility=3
serve-rfc1918=yes
setgid=bind
setuid=dns
socket-dir=/proj/powerdns/sandbox/var/run


Reason (just my guess):
The path name of the chroot() sandbox isn't stripped off in
RecursorControlChannel::recv() [defined in rec_channel.cc].

rec_control is run without chroot(), so
"/proj/powerdns/sandbox/var/run/lsockblahblah" (in my case)
is returned in remote_addr.sun_path, but pdns_recursor is
now chroot()ed into "/proj/powerdns/sandbox/", so
"/var/run/lsockblahblah" rather than
"/proj/powerdns/sandbox/var/run/lsockblahblah" is
appropriate.


Fix (quick and dirty):
----- 8< --------------------------------------------------
*** pdns-recursor-3.1.4/rec_channel.cc.ORG	Mon Nov 13 01:56:13 2006
--- pdns-recursor-3.1.4/rec_channel.cc	Fri Nov  2 15:23:58 2007
***************
*** 8,13 ****
--- 8,15 ----
  
  #include "ahuexception.hh"
  
+ #include "arguments.hh"
+ 
  using namespace std;
  
  RecursorControlChannel::RecursorControlChannel()
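Review bot: The new `#include "arguments.hh"` couples the control-channel code to the global argument map solely so that recv() can look up "chroot"; consider handing the chroot prefix to RecursorControlChannel once (constructor or a setter) so this file needs no configuration header. If the include stays, the block-scope declaration `ArgvMap &arg();` added in the next hunk should be dropped in favour of whatever arguments.hh declares, and the `strncmp`/`strlen` calls introduced there want an explicit `<cstring>` include unless one is already present above line 8.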
***************
*** 130,137 ****
    if((len=::recvfrom(d_fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&remoteaddr, &addrlen)) < 0)
      throw AhuException("Unable to receive message over control channel: "+string(strerror(errno)));
  
!   if(remote)
!     *remote=remoteaddr.sun_path;
  
    return string(buffer, buffer+len);
  }
--- 132,150 ----
    if((len=::recvfrom(d_fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&remoteaddr, &addrlen)) < 0)
      throw AhuException("Unable to receive message over control channel: "+string(strerror(errno)));
  
!   if(remote) {
!   char *remote_path;
!   ArgvMap &arg();
!  
!     remote_path=remoteaddr.sun_path;
!     if (!::arg()["chroot"].empty())
!       if (strncmp(remote_path, ::arg()["chroot"].c_str(), strlen(arg()["chroot"].c_str())) == 0)
! 	if (*(::arg()["chroot"].c_str() + strlen(arg()["chroot"].c_str()) - 1) == '/') 
!           remote_path += strlen(arg()["chroot"].c_str()) - 1;
! 	else
!           remote_path += strlen(arg()["chroot"].c_str());
!     *remote=remote_path;
!   }
  
    return string(buffer, buffer+len);
  }
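Review bot: The `strncmp` prefix test in the new `if(remote)` block has no path-component boundary check, so with chroot=/proj/powerdns/sandbox a peer address under /proj/powerdns/sandbox2/ would also be rewritten; require that the character following the matched prefix is '/' (or that the prefix itself ends in '/') before advancing `remote_path`. Beyond that: read `::arg()["chroot"]` once into a local `std::string` rather than re-evaluating it and calling `strlen` on its `c_str()` on every line, use either `::arg()` or `arg()` consistently, and put braces around the nested `if`/`if`/`else` so the `else` binding does not depend on indentation (the tab/space mix hides it). A comment saying that the sender's path is translated from the outside view to the in-chroot view would help the next reader, and note that `remoteaddr.sun_path` is still used as a C string without consulting `addrlen`.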
----- 8< --------------------------------------------------

This must be more sophisticated because I'm not familiar
with C++.


Thanks in advance.

						Koh-ichi Ito
				Internet Research Institute, Inc.
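
The path translation described under "Reason" above, as an added example that is not part of the original message and is not PowerDNS code: a standalone helper that maps a socket path seen from outside the chroot to the path valid inside it, matching only on a path-component boundary. The function name `stripChrootPrefix` and the sample paths are hypothetical.

```cpp
#include <iostream>
#include <string>

// Hypothetical helper (not PowerDNS code): translate a path as seen from
// outside the chroot into the path the chroot()ed daemon must use.
// Returns the input unchanged when no chroot is configured or when the
// path does not lie inside the chroot directory.
std::string stripChrootPrefix(const std::string& path, const std::string& chroot)
{
  // Normalise the configured chroot: "/sandbox/" and "/sandbox" are the same.
  std::string root(chroot);
  while (root.size() > 1 && root.back() == '/')
    root.pop_back();

  // No chroot, or chroot to "/": paths are identical on both sides.
  if (root.empty() || root == "/")
    return path;

  // The prefix must match byte for byte ...
  if (path.compare(0, root.size(), root) != 0)
    return path;

  // ... and end on a component boundary, so that "/sandbox2/x" is not
  // treated as lying inside "/sandbox".
  if (path.size() == root.size())
    return "/";                        // the chroot directory itself
  if (path[root.size()] != '/')
    return path;

  // Skip duplicate slashes directly after the prefix ("/sandbox//var" -> "/var").
  std::string::size_type start = root.size();
  while (start + 1 < path.size() && path[start + 1] == '/')
    ++start;
  return path.substr(start);
}

int main()
{
  // Constructed sample values modelled on the paths quoted in the message.
  const std::string chroot = "/proj/powerdns/sandbox";
  std::cout << stripChrootPrefix("/proj/powerdns/sandbox/var/run/lsockX", chroot) << "\n";
  std::cout << stripChrootPrefix("/proj/powerdns/sandbox2/var/run/lsockX", chroot) << "\n";
  return 0;
}
```
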

