rpms/bind
6
0
Fork 1
Code Issues Pull Requests Releases Activity

Create /var/named directories for bind-chroot

Browse Source 
Fixes bind-chroot in Image Mode. Include even subdirectories.

Resolves: RHEL-132053
This commit is contained in:
Petr Menšík 2025-12-12 16:52:32 +01:00
parent 060ccdf9e2
commit ba24b43b13
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
bind-chroot.tmpfiles.d Normal file
View File

@ -0,0 +1,37 @@
# vim: ft=conf:
# TODO: these definitions are in different form in rpm spec %files chroot section
# find a way to have it defined only once
#defattr(0664,root,named,-)
c /var/named/chroot/dev/null 0664 root named - 1:3
c /var/named/chroot/dev/random 0664 root named - 1:8
c /var/named/chroot/dev/urandom 0664 root named - 1:9
c /var/named/chroot/dev/zero 0664 root named - 1:5
#defattr(0640,root,named,0750)
d /var/named/chroot 0750 root named -
d /var/named/chroot/dev 0750 root named -
d /var/named/chroot/etc 0750 root named -
d /var/named/chroot/etc/named 0750 root named -
d /var/named/chroot/etc/pki 0750 root named -
d /var/named/chroot/etc/pki/dnssec-keys 0750 root named -
d /var/named/chroot/etc/crypto-policies 0750 root named -
d /var/named/chroot/etc/crypto-policies/back-ends 0750 root named -
d /var/named/chroot/var 0750 root named -
d /var/named/chroot/run 0750 root named -
#defattr(-,root,root,-)
d /var/named/chroot/usr - root root -
d /var/named/chroot/usr/lib64 - root root -
d /var/named/chroot/usr/lib64/bind - root root -
d /var/named/chroot/usr/share/GeoIP - root root -
d /var/named/chroot/usr/share/named - root root -
d /var/named/chroot/proc - root root -
d /var/named/chroot/proc/sys - root root -
d /var/named/chroot/proc/sys/net - root root -
d /var/named/chroot/proc/sys/net/ipv4 - root root -
#defattr(0660,root,named,01770)
d /var/named/chroot/var/named 01770 root named -
#defattr(0660,named,named,0770)
d /var/named/chroot/var/tmp 0770 named named -
d /var/named/chroot/var/log 0770 named named -
#defattr(-,named,named,-)
d /var/named/chroot/run/named - named named -
L /var/named/chroot/var/run - named named - ../run

8
bind.spec
View File

@ -80,7 +80,7 @@ License: MPL-2.0 AND ISC AND MIT AND BSD-3-Clause AND BSD-2-Clause
# Before rebasing bind, ensure bind-dyndb-ldap is ready to be rebuild and use side-tag with it.
# Updating just bind will cause freeipa-dns-server package to be uninstallable.
Version: 9.18.33
Release: 13%{?dist}
Release: 14%{?dist}
Epoch: 32
Url: https://www.isc.org/downloads/bind/
#
@ -111,6 +111,7 @@ Source46: named-setup-rndc.service
Source48: setup-named-softhsm.sh
Source49: named-chroot.files
Source50: named.sysusers
Source51: bind-chroot.tmpfiles.d
# Common patches
# FIXME: Is this still required?
@ -676,6 +677,7 @@ done
mkdir -p ${RPM_BUILD_ROOT}%{_tmpfilesdir}
install -p -m 644 %{SOURCE35} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/named.conf
install -p -m 644 %{SOURCE51} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/%{name}-chroot.conf
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d
install -p -m 644 %{SOURCE43} ${RPM_BUILD_ROOT}%{_sysconfdir}/rwtab.d/named
@ -911,6 +913,7 @@ fi;
%{_unitdir}/named-chroot.service
%{_unitdir}/named-chroot-setup.service
%{_libexecdir}/setup-named-chroot.sh
%{_tmpfilesdir}/%{name}-chroot.conf
%defattr(0664,root,named,-)
%ghost %dev(c,1,3) %verify(not mtime) %{chroot_prefix}/dev/null
%ghost %dev(c,1,8) %verify(not mtime) %{chroot_prefix}/dev/random
@ -955,6 +958,9 @@ fi;
%endif
%changelog
* Fri Dec 12 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.33-14
- Create /var/named directories for bind-chroot (RHEL-132053)
* Fri Oct 31 2025 Petr Menšík <pemensik@redhat.com> - 32:9.18.33-13
- Fix upstream reported regression in recent CVE fix (CVE-2025-8677)