[Pdns-users] [Q] pdsn recursor chroot environment error : rec_control = Fatal: Unable to receive message over control channel: Success
cmouse at youzen.ext.b2.fi
Thu Nov 3 13:57:23 UTC 2011
On Thu, Nov 03, 2011 at 01:45:58PM +0100, JKL wrote:
> On 10/31/2011 09:18 PM, Aki Tuomi wrote:
> > On Mon, Oct 31, 2011 at 06:00:38PM +0100, Peter van Dijk wrote:
> >> Hello S,
> >> On Oct 27, 2011, at 15:57 , J4K wrote:
> >>> root at sa51 /var/spool/powerdns/var/run # ls -l
> >>> total 0
> >>> lrwxrwxrwx 1 root root 36 Oct 27 15:37 pdns_recursor.controlsocket ->
> >>> /var/run/pdns_recursor.controlsocket
> >>> lrwxrwxrwx 1 root root 26 Oct 27 15:37 pdns_recursor.pid ->
> >>> /var/run/pdns_recursor.pid
> >> Symlink targets are subject to chroot rules too. When viewed within the chroot, your symlinks are just pointing to themselves. I would suggest experimenting with hardlinking them, or making the symlinks the other way around.
> >> Note that when I try here, the socket ends up outside of the chroot but rec_control is still unable to get a response from the recursor.
> >> Please let me know whether you get this running with symlinks or hard links in the right direction; if not, I will investigate whether there are bugs in this area.
> >> Kind regards,
> >> Peter van Dijk
> > Actually, this problem is easily solved after you understand how unix sockets
> > really work. The issue at hand is that the location (directory) of the socket
> > must be same for both parties, at least, it must seem so.
> > The Unix sockets work by having a server socket somewhere, and when you connect
> > to it, you (usually) create a client socket in the same directory, and provide
> > the directory of that to the server. And this usually causes problems with
> > chroots, because you'll be merrily telling the server that "hi, i am connecting
> > from /chroot/var/run/.client.sock.25235, please write me back there".
> > The other problem is that the Server must be able to access the Client socket,
> > so the socket directory must be within the chrooted environment.
> > To solve this problem elegantly, we assume that your program has socket in
> > /var/run/pdns.sock
> > Which then becomes chrooted as
> > /chroot/var/run/pdns.sock
> > Now. to fix this, you'll just have to symlink /chroot/var/run/pdns under
> > /var/run
> > Now the server sees your sockets (both the client *and* server have their own
> > socket), under /var/run/pdns.
> > ---
> > Aki Tuomi
> Hi Aki,
> I gave up using a chroot, but still I have the same error message:
> root at sa51 / # grep chroot /etc/powerdns/recursor.conf
> # chroot switch to chroot jail
> # chroot=./
> root at sa51 / # ls -l /var/run/pdns_recursor.controlsocket
> srwxr-xr-x 1 root root 0 Nov 3 12:56 /var/run/pdns_recursor.controlsocket
> root at sa51 / # ls -l /var/run/pdns_recursor.pid
> -rw-r--r-- 1 root root 4 Nov 3 12:56 /var/run/pdns_recursor.pid
> root at sa51 / # rec_control ping
> Fatal: Unable to connect to remote
> '/var/run/pdns_recursor.controlsocket': Connection refused
Different error, this is Connection Refused, which means that the server
refused to speak to you.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Pdns-users