[Pdns-users] [Q] pdns recursor chroot environment error : rec_control = Fatal: Unable to receive message over control channel: Success

JKL junk4 at klunky.co.uk
Thu Nov 3 12:45:58 UTC 2011


On 10/31/2011 09:18 PM, Aki Tuomi wrote:
> On Mon, Oct 31, 2011 at 06:00:38PM +0100, Peter van Dijk wrote:
>> Hello S,
>>
>> On Oct 27, 2011, at 15:57 , J4K wrote:
>>
>>> root at sa51 /var/spool/powerdns/var/run # ls -l
>>> total 0
>>> lrwxrwxrwx 1 root root 36 Oct 27 15:37 pdns_recursor.controlsocket ->
>>> /var/run/pdns_recursor.controlsocket
>>> lrwxrwxrwx 1 root root 26 Oct 27 15:37 pdns_recursor.pid ->
>>> /var/run/pdns_recursor.pid
>> Symlink targets are subject to chroot rules too. When viewed within the chroot, your symlinks are just pointing to themselves. I would suggest experimenting with hardlinking them, or making the symlinks the other way around.
>>
>> Note that when I try here, the socket ends up outside of the chroot but rec_control is still unable to get a response from the recursor.
>>
>> Please let me know whether you get this running with symlinks or hard links in the right direction; if not, I will investigate whether there are bugs in this area.
>>
>> Kind regards,
>> Peter van Dijk
>>
> Actually, this problem is easily solved after you understand how unix sockets
> really work. The issue at hand is that the location (directory) of the socket
> must be the same for both parties, at least, it must seem so.
>
> The Unix sockets work by having a server socket somewhere, and when you connect
> to it, you (usually) create a client socket in the same directory, and provide
> the directory of that to the server. And this usually causes problems with 
> chroots, because you'll be merrily telling the server that "hi, i am connecting
> from /chroot/var/run/.client.sock.25235, please write me back there". 
>
> The other problem is that the Server must be able to access the Client socket, 
> so the socket directory must be within the chrooted environment. 
>
> To solve this problem elegantly, we assume that your program has a socket in
>
> /var/run/pdns.sock
>
> Which then becomes chrooted as
>
> /chroot/var/run/pdns.sock
>
> Now, to fix this, you'll just have to symlink /chroot/var/run/pdns under
> /var/run
>
> Now the server sees your sockets (both the client *and* server have their own
> socket), under /var/run/pdns.
>
> ---
> Aki Tuomi
>

Hi Aki,

    I gave up using a chroot, but still I have the same error message:

root at sa51 / # grep chroot /etc/powerdns/recursor.conf
# chroot    switch to chroot jail
# chroot=./

root at sa51 / # ls -l /var/run/pdns_recursor.controlsocket
srwxr-xr-x 1 root root 0 Nov  3 12:56 /var/run/pdns_recursor.controlsocket
root at sa51 / # ls -l /var/run/pdns_recursor.pid
-rw-r--r-- 1 root root 4 Nov  3 12:56 /var/run/pdns_recursor.pid

root at sa51 / # rec_control  ping
Fatal: Unable to connect to remote
'/var/run/pdns_recursor.controlsocket': Connection refused
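
The reply-path behaviour Aki describes above can be reproduced without a chroot. This is an added example, not code from the thread or from PowerDNS: it assumes the control channel behaves like a connectionless (SOCK_DGRAM) Unix socket on Linux, uses constructed socket names in a temporary directory, and simulates the mismatched filesystem view with a rename. It goes slightly beyond the explanation by also showing a socket file that exists with nothing bound to it.

```python
import errno, os, shutil, socket, tempfile

def control_channel_demo():
    """Run four exchanges over AF_UNIX datagram sockets; return what each side saw."""
    d = tempfile.mkdtemp()
    server_path = os.path.join(d, "server.sock")  # constructed stand-in for the control socket
    client_path = os.path.join(d, "client.sock")  # constructed per-client reply socket
    out = {}

    server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    server.bind(server_path)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    client.bind(client_path)  # this path is the return address the server is given
    client.settimeout(2)

    # 1. Both sides resolve both paths: the reply arrives.
    client.sendto(b"ping", server_path)
    _, peer = server.recvfrom(512)
    server.sendto(b"pong", peer)
    out["peer"], out["reply"] = peer, client.recv(512)

    # 2. A client that never binds gives the server no return address at all.
    anon = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    anon.sendto(b"ping", server_path)
    out["anon_peer"] = server.recvfrom(512)[1]
    anon.close()

    # 3. Simulated mismatched views: the path the client reported does not
    #    exist where the server looks for it, so the reply cannot be sent.
    client.sendto(b"ping", server_path)
    _, peer = server.recvfrom(512)
    os.rename(client_path, client_path + ".elsewhere")
    try:
        server.sendto(b"pong", peer)
        out["mismatch"] = "delivered"
    except OSError as e:
        out["mismatch"] = errno.errorcode[e.errno]

    # 4. Socket file left on disk with no process bound to it.
    server.close()
    try:
        client.sendto(b"ping", server_path)
        out["stale"] = "delivered"
    except OSError as e:
        out["stale"] = errno.errorcode[e.errno]
    client.close()
    shutil.rmtree(d)
    return out

if __name__ == "__main__":
    for key, value in control_channel_demo().items():
        print(key, "=", value)
```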




