Bug 25140

Summary: can not start bind in chroot
Product: Mageia
Reporter: eric gerbier <eric.gerbier>
Component: RPM Packages
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: Normal
Version: 7
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: bind-9.11.6-1.mga7.src.rpm
CVE:
Status comment:

Description eric gerbier 2019-07-17 10:10:04 CEST
Description of problem:
Trying to start bind in a chroot (as it was in Mageia 6).

The daemon does not start and returns OpenSSL errors:

openssl_link.c:297: fatal error:
OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
exiting (due to fatal error in library)


I have checked the devices in the chroot:
]# ls -al /var/named/chroot/dev/
total 8
drwxr-xr-x 2 root root  4096 juil. 17 09:16 ./
drwxr-xr-x 7 root root  4096 juil. 17 09:15 ../
crw-rw-rw- 1 root named 1, 3 juil. 17 09:16 null
crw-rw-rw- 1 root named 1, 8 juil. 17 09:16 random
crw-rw-rw- 1 root named 1, 9 juil. 17 09:16 urandom
crw-rw-rw- 1 root named 1, 5 juil. 17 09:16 zero


Version-Release number of selected component (if applicable):
bind-chroot-9.11.6-1.mga7


How reproducible:


Steps to Reproduce:
1. urpmi bind-chroot
   configure/check the named.conf
2. systemctl start named-chroot-setup.service
3. systemctl start named-chroot.service
4. systemctl status named-chroot.service

named-chroot.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2019-07-17 10:04:38 CEST; 39s ago
  Process: 38564 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z "$NAMEDCONF"; else echo ">
  Process: 38566 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} -t /var/named/chroot $OPTIONS (code=exited, status=1/FAILURE)

juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: adjusted limit on open files from 524288 to 1048576
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: found 12 CPUs, using 12 worker threads
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: using 11 UDP listeners per interface
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: using up to 21000 sockets
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: openssl_link.c:297: fatal error:
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: OpenSSL pseudorandom number generator cannot be initialized (see the `PRNG not seeded' message in the OpenSSL FAQ)
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr named[38567]: exiting (due to fatal error in library)
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr systemd[1]: named-chroot.service: Control process exited, code=exited, status=1/FAILURE
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr systemd[1]: named-chroot.service: Failed with result 'exit-code'.
juil. 17 10:04:38 web2-dmz.umr-cnrm.fr systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

Comment 1 eric gerbier 2019-07-17 11:02:15 CEST
Fixed: I just removed the nodev option in /etc/fstab for /var.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
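
Added example (not part of the original report or of the bind package): the ls listing in the description shows well-formed device nodes, so the nodev option that Comment 1 removed has to be checked on the mount that holds them. This sketch finds the mount covering a path and tests its options; the sample mount table is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does the filesystem holding a chroot's /dev carry "nodev"?
# Function names are hypothetical; SAMPLE_MOUNTS is constructed, not real data.

SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nodev,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0'

# Print the options of the mount that contains path $1.
# $2 is a file in /proc/mounts format ("-" = stdin, default /proc/mounts).
mount_opts_for() {
    awk -v p="$1" '
        {
            mp = $2
            # mp covers p if it is "/", equals p, or is a directory prefix of p
            # (so /var covers /var/named but not /variable).
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later line wins.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Succeed if the mount containing $1 has the nodev option.
has_nodev() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,nodev,*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Report on a chroot device directory.
check_chroot_dev() {
    if has_nodev "$1" "$2"; then
        echo "$1: on a nodev mount, device nodes here cannot be opened"
    else
        echo "$1: mount allows device nodes"
    fi
}

# Demo on the constructed table; on a real host omit the second argument.
printf '%s\n' "$SAMPLE_MOUNTS" | check_chroot_dev /var/named/chroot/dev -
```

On a live system, `check_chroot_dev /var/named/chroot/dev` reads /proc/mounts directly.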