Propagate system ephemeral ports to chroot

BIND reads default system port ranges from /proc file. Propagate just
that single file to bind chroot. Defaults should be therefore the same
as on named.service.

Resolves: rhbz#2013595
Petr Menšík 2021-10-13 11:21:00 +02:00
parent 31b69a221c
commit 5c9da7c5f9
2 changed files with 7 additions and 2 deletions


@ -30,7 +30,7 @@
%global chroot_prefix %{bind_dir}/chroot
%global chroot_create_directories /dev /run/named %{_localstatedir}/{log,named,tmp} \\\
%{_sysconfdir}/{crypto-policies/back-ends,pki/dnssec-keys,named} \\\
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP
%{_libdir}/bind %{_libdir}/named %{_datadir}/GeoIP /proc/sys/net/ipv4
%global selinuxbooleans named_write_master_zones=1
## The order of libs is important. See lib/Makefile.in for details
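
Review bot: the new last entry of chroot_create_directories, /proc/sys/net/ipv4, puts a path under /proc into a macro that otherwise lists only ordinary filesystem directories, and nothing in the spec says why. A short comment above the macro stating that this directory exists only as the parent of the bind-mounted ip_local_port_range file would keep a later change from widening it to a full /proc mount inside the chroot, which would expose far more of the host than BIND needs.
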
@ -51,7 +51,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: MPLv2.0
Version: 9.16.20
Release: 4%{?dist}
Release: 5%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -1062,6 +1062,7 @@ fi;
%dir %{chroot_prefix}/%{_libdir}
%dir %{chroot_prefix}/%{_libdir}/bind
%dir %{chroot_prefix}/%{_datadir}/GeoIP
%{chroot_prefix}/proc
%defattr(0660,root,named,01770)
%dir %{chroot_prefix}%{_localstatedir}/named
%defattr(0660,named,named,0770)
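
Review bot: `%{chroot_prefix}/proc` is listed without `%dir`, unlike the `%dir` entries around it, so rpm packages the directory together with everything below it in the buildroot. If that is the intent (owning proc/sys/net/ipv4 with one line), say so in a comment; otherwise spell out each level with `%dir`. The entry also inherits whichever %defattr is in effect above this hunk, so check that the resulting owner and mode suit a mount point parent, and consider a %ghost entry for the ip_local_port_range mount target if it is created at runtime.
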
@ -1134,6 +1135,9 @@ fi;
%endif
%changelog
* Wed Oct 13 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-5
- Propagate ephemeral port ranges to chroot (#2013595)
* Tue Oct 12 2021 Petr Menšík <pemensik@redhat.com> - 32:9.16.20-4
- Fixes listening on TCP in some race conditions (#1999691)


@ -20,6 +20,7 @@
/usr/lib/named
/usr/share/GeoIP
/run/named
/proc/sys/net/ipv4/ip_local_port_range
# Warning: the order is important
# If a directory containing $ROOTDIR is listed here,
# it MUST be listed last. (/var/named contains /var/named/chroot)
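
Review bot: /proc/sys/net/ipv4/ip_local_port_range is a single file, while the visible entries above it (/usr/lib/named, /usr/share/GeoIP, /run/named) are directories, so confirm that whatever consumes this list creates a file rather than a directory as the mount target. A comment line above the entry noting that BIND reads its default port range from this file would explain why a /proc path is listed, and if the consumer supports it, mounting this entry read-only inside the chroot is preferable.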