[rhelv6-list] Bind chroot mess in RHEL6

Matthias Saou thias at spam.spam.spam.spam.spam.spam.spam.egg.and.spam.freshrpms.net
Fri Dec 24 12:42:16 UTC 2010


Hi,

Is it just me, or is the way the whole bind/named chroot is done in
RHEL6 now real ugly and messy?

The init script checks a whole bunch of stuff and uses "mount --bind"
all over the place to make various files and directories available
under the /var/named/chroot/ tree.

After a simple bind-chroot install and "service named start" :

# cat /etc/mtab 
/dev/vda1 / ext4 rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw,rootcontext="system_u:object_r:tmpfs_t:s0" 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
/etc/named /var/named/chroot/etc/named none rw,bind 0 0
/var/named /var/named/chroot/var/named none rw,bind 0 0
/etc/named.conf /var/named/chroot/etc/named.conf none rw,bind 0 0
/etc/named.rfc1912.zones /var/named/chroot/etc/named.rfc1912.zones none rw,bind 0 0
/etc/rndc.key /var/named/chroot/etc/rndc.key none rw,bind 0 0
/usr/lib64/bind /var/named/chroot/usr/lib64/bind none rw,bind 0 0
/etc/named.iscdlv.key /var/named/chroot/etc/named.iscdlv.key none rw,bind 0 0

Yuck! Maybe it works with all of the defaults, but when changing things
slightly (file locations, directories used), it gets very fragile. Not
to mention that by default you get this utterly confusing empty path as
a side-effect of mounting /var/named on a sub-directory of itself :

/var/named/chroot/var/named/chroot/var/named

Sorry for the rant. I think I'll now consider not using the chroot
feature anymore since my DNS servers have the DNS service as their only
service and selinux in enforcing mode. I'll also use this as an excuse
to have another look around at other DNS daemons : 'tis the season to
be switchy!

Matthias

-- 
Clean custom Red Hat Linux rpm packages : http://freshrpms.net/
Fedora release 14 (Laughlin) - Linux kernel 2.6.35.6-48.fc14.x86_64
Load : 0.01 0.14 0.50
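
Added example, not part of the original message: a small audit of which host paths are bind-mounted into the chroot, whether they are writable, and whether a target sits below its own source (the case that produces the empty nested path quoted above). The function names and output format are illustrative, and it assumes /etc/mtab is a regular file that records the bind option, as in the output in the post.

```shell
#!/bin/sh
# Sample input: five lines taken from the mtab output in the post.
sample_mtab() {
    cat <<'EOF'
/dev/vda1 / ext4 rw 0 0
proc /proc proc rw 0 0
/etc/named /var/named/chroot/etc/named none rw,bind 0 0
/var/named /var/named/chroot/var/named none rw,bind 0 0
/etc/named.conf /var/named/chroot/etc/named.conf none rw,bind 0 0
EOF
}

# audit_chroot_binds MTAB_FILE [CHROOT]
# Prints one line per bind mount whose target is inside CHROOT:
#   <mode> <source> -> <target> [SELF-NESTED empty path: <path>]
audit_chroot_binds() {
    mtab=$1
    chroot=${2:-/var/named/chroot}   # default: the chroot path from the post
    awk -v root="$chroot" '
    # mtab fields: source target fstype options dump pass
    NF >= 4 && $4 ~ /(^|,)bind(,|$)/ {
        src = $1; tgt = $2
        # keep only targets under the chroot tree
        if (index(tgt, root "/") != 1) next
        mode = ($4 ~ /(^|,)ro(,|$)/) ? "ro" : "rw"
        line = mode " " src " -> " tgt
        # Target below its own source: the bind shows the source tree again,
        # including the bare mount-point directory one level further down.
        if (index(tgt, src "/") == 1) {
            rel = substr(tgt, length(src) + 1)
            line = line " SELF-NESTED empty path: " tgt rel
        }
        print line
    }' "$mtab"
}

# Demo on the sample; on a real host run: audit_chroot_binds /etc/mtab
tmp=$(mktemp) && sample_mtab > "$tmp" && audit_chroot_binds "$tmp"
rm -f "$tmp"
```

Every line reported as rw is a host path that a process confined to the chroot can still modify in place, which is worth weighing against what the chroot is meant to contain.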
