[bind/f20] Rework the chroot creation/destruction workflow (#1097671)
Tomas Hozza
thozza at fedoraproject.org
Fri Jul 18 14:05:30 UTC 2014
commit eeb87f650a8d5b01c1542474dff543c449719b91
Author: Tomas Hozza <thozza at redhat.com>
Date: Fri Jul 18 15:45:11 2014 +0200
Rework the chroot creation/destruction workflow (#1097671)
Signed-off-by: Tomas Hozza <thozza at redhat.com>
bind.spec | 11 ++++++++++-
named-chroot.service | 5 ++---
named-sdb-chroot.service | 5 ++---
named-sdb.service | 3 ++-
named-setup-chroot.service | 11 +++++++++++
named-setup-rndc.service | 7 +++++++
named.service | 3 ++-
setup-named-chroot.sh | 2 +-
8 files changed, 37 insertions(+), 10 deletions(-)
---
diff --git a/bind.spec b/bind.spec
index 771de98..cc69139 100644
--- a/bind.spec
+++ b/bind.spec
@@ -27,7 +27,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: ISC
Version: 9.9.4
-Release: 14.%{?PATCHVER}%{?PREVER}%{?dist}
+Release: 15.%{?PATCHVER}%{?PREVER}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -56,6 +56,8 @@ Source40: named-sdb-chroot.service
Source41: setup-named-chroot.sh
Source42: generate-rndc-key.sh
Source43: named.rwtab
+Source44: named-setup-rndc.service
+Source45: named-setup-chroot.service
# Common patches
Patch5: bind-nonexec.patch
@@ -465,6 +467,8 @@ install -m 644 %{SOURCE38} ${RPM_BUILD_ROOT}%{_unitdir}
install -m 644 %{SOURCE39} ${RPM_BUILD_ROOT}%{_unitdir}
%endif
install -m 644 %{SOURCE40} ${RPM_BUILD_ROOT}%{_unitdir}
+install -m 644 %{SOURCE44} ${RPM_BUILD_ROOT}%{_unitdir}
+install -m 644 %{SOURCE45} ${RPM_BUILD_ROOT}%{_unitdir}
mkdir -p ${RPM_BUILD_ROOT}%{_libexecdir}
install -m 755 %{SOURCE41} ${RPM_BUILD_ROOT}%{_libexecdir}/setup-named-chroot.sh
@@ -648,6 +652,8 @@ rm -rf ${RPM_BUILD_ROOT}
%{_sysconfdir}/tmpfiles.d/named.conf
%{_sysconfdir}/rwtab.d/named
%{_unitdir}/named.service
+%{_unitdir}/named-setup-rndc.service
+%{_unitdir}/named-setup-chroot.service
%{_sysconfdir}/NetworkManager/dispatcher.d/13-named
%{_sbindir}/named-journalprint
%{_sbindir}/named-checkconf
@@ -815,6 +821,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
+* Fri Jul 18 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.4-15.P2
+- Rework the chroot creation/destruction workflow (#1097671)
+
* Fri Jul 18 2014 Tomas Hozza <thozza at redhat.com> 32:9.9.4-14.P2
- Use network-online.target instead of network.target (#1117086)
diff --git a/named-chroot.service b/named-chroot.service
index 4e47db8..20cc314 100644
--- a/named-chroot.service
+++ b/named-chroot.service
@@ -6,8 +6,10 @@
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=network-online.target
+Requires=named-setup-chroot.service
Before=nss-lookup.target
After=network-online.target
+After=named-setup-chroot.service
[Service]
Type=forking
@@ -15,15 +17,12 @@ EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/run/named/named.pid
-ExecStartPre=/usr/libexec/generate-rndc-key.sh
-ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
ExecStart=/usr/sbin/named -u named -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
-ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=false
diff --git a/named-sdb-chroot.service b/named-sdb-chroot.service
index 9dfac07..4d69f9d 100644
--- a/named-sdb-chroot.service
+++ b/named-sdb-chroot.service
@@ -6,8 +6,10 @@
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=network-online.target
+Requires=named-setup-chroot.service
Before=nss-lookup.target
After=network-online.target
+After=named-setup-chroot.service
[Service]
Type=forking
@@ -15,15 +17,12 @@ EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/var/named/chroot/run/named/named.pid
-ExecStartPre=/usr/libexec/generate-rndc-key.sh
-ExecStartPre=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
ExecStartPre=/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
ExecStart=/usr/sbin/named-sdb -u named -t /var/named/chroot $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
-ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
PrivateTmp=false
diff --git a/named-sdb.service b/named-sdb.service
index bd99185..4d1a3f8 100644
--- a/named-sdb.service
+++ b/named-sdb.service
@@ -2,8 +2,10 @@
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=network-online.target
+Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network-online.target
+After=named-setup-rndc.service
[Service]
Type=forking
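Review bot: `Wants=named-setup-rndc.service` is a weak dependency, so a failure of generate-rndc-key.sh no longer stops the daemon from starting, whereas the `ExecStartPre=` line removed in the next hunk made the start fail. The same applies to the `Wants=` lines added to named.service and named-setup-chroot.service. If starting without a freshly generated rndc key is intended, a unit comment such as `# rndc key generation is best-effort; named starts even if it fails` would record that. Otherwise `Requires=named-setup-rndc.service` keeps the old fail-closed behaviour.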
@@ -11,7 +13,6 @@ EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
-ExecStartPre=/usr/libexec/generate-rndc-key.sh
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named-sdb -u named $OPTIONS
diff --git a/named-setup-chroot.service b/named-setup-chroot.service
new file mode 100644
index 0000000..e04afaa
--- /dev/null
+++ b/named-setup-chroot.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Set-up/destroy chroot environment for named (DNS)
+Wants=named-setup-rndc.service
+After=named-setup-rndc.service
+StopWhenUnneeded=yes
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/setup-named-chroot.sh /var/named/chroot on
+ExecStop=/usr/libexec/setup-named-chroot.sh /var/named/chroot off
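Review bot: `ExecStop=` is only run by systemd when the unit started successfully, so if setup-named-chroot.sh fails part-way through `on`, any bind mounts it already made under /var/named/chroot are not torn down. The `ExecStopPost=` lines removed from named-chroot.service and named-sdb-chroot.service did run after a failed start. Using `ExecStopPost=/usr/libexec/setup-named-chroot.sh /var/named/chroot off` here would restore that cleanup, assuming the script's `off` path tolerates a partially mounted chroot, which is not visible in this commit.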
diff --git a/named-setup-rndc.service b/named-setup-rndc.service
new file mode 100644
index 0000000..ff85e3c
--- /dev/null
+++ b/named-setup-rndc.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Generate rndc key for BIND (DNS)
+
+[Service]
+Type=oneshot
+
+ExecStart=/usr/libexec/generate-rndc-key.sh
diff --git a/named.service b/named.service
index 8f8189f..a2f9cc4 100644
--- a/named.service
+++ b/named.service
@@ -2,8 +2,10 @@
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=network-online.target
+Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network-online.target
+After=named-setup-rndc.service
[Service]
Type=forking
@@ -11,7 +13,6 @@ EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
-ExecStartPre=/usr/libexec/generate-rndc-key.sh
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
ExecStart=/usr/sbin/named -u named $OPTIONS
diff --git a/setup-named-chroot.sh b/setup-named-chroot.sh
index 9f96278..8de494b 100755
--- a/setup-named-chroot.sh
+++ b/setup-named-chroot.sh
@@ -44,7 +44,7 @@ mount_chroot_conf()
# Mount source is a directory. Mount it only if directory in chroot is
# empty.
if [ -e "$all" ] && [ `ls -1A $ROOTDIR$all | wc -l` -eq 0 ]; then
- mount --rbind "$all" "$ROOTDIR$all"
+ mount --bind --make-private "$all" "$ROOTDIR$all"
fi
fi
done
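Review bot: The exit status of the new `mount --bind --make-private` call is not checked, and named-chroot.service now relies on named-setup-chroot.service succeeding (`Requires=`) to know the chroot is populated. Unless the script handles this outside the hunk, a failed bind mount leaves the oneshot unit reporting success with a directory missing from the chroot. `mount --bind --make-private "$all" "$ROOTDIR$all" || return 1` would surface it, provided the caller propagates the status. The `ls -1A $ROOTDIR$all` test just above is also unquoted, unlike the mount arguments. mount_chroot_conf starts and ends outside the hunk.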