Bug 4130 - chroot and 'include' not from chrooted path
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.7.3
Hardware: x86_64 FreeBSD
Importance: P5 enhancement
Assigned To: unbound team
Reported: 2018-07-19 01:19 CEST by Konstantin V Bekreyev
Modified: 2018-07-20 07:43 CEST

Description Konstantin V Bekreyev 2018-07-19 01:19:13 CEST
I discovered a non-obvious problem when unbound starts in a chroot and has an include directive that is not from this chrooted path:

[1531948762] unbound[29370:0] fatal error: Could not read config file: /unbound.conf

In this case the /unbound.conf file is perfectly accessible, but the included file is not.

Would it be possible to state in the error that the problem is in the included file?
Comment 1 Wouter Wijngaards 2018-07-19 07:53:57 CEST
Hi Konstantin,

What is the issue?  You want more errors printed?  With unbound -dd it stays attached to the console and prints all errors to the console.  Or do you want that error to be different?  The error you quote is printed when config parse fails, there are also more detailed errors, likely printed before it, by the parse routine.

If an include: "file" fails, it prints an error, "cannot open include file ...", is that not visible or is that the error that is wrong?  I am simply confused what error you don't see, or which one is written confusingly.

Best regards, Wouter
Comment 2 Konstantin V Bekreyev 2018-07-19 13:12:53 CEST
Yes, the error "cannot open include file ..." will be more informative than 'Could not read config file /unbound.conf'.

I've already figured out that the problem is the inclusion of the file, but so that someone else can quickly figure out a similar problem, it would be easier to print this explicitly.
Comment 3 Wouter Wijngaards 2018-07-19 13:17:35 CEST
Hi Konstantin,

It should print an error that it cannot include the config file, already.  There is code that should.  But you do not see that error.  Perhaps you don't see errors early at startup, or lines logged before the last one because they scrolled away, or is it started from system startup scripts and the error is gone?

This is what it prints for me with an include failure:
test.conf:2: error: cannot open include file 'bla.conf': No such file or directory
read test.conf failed: 1 errors in configuration file
[1531998961] unbound[32183:0] fatal error: Could not read config file: test.conf

I see that the logging is not fully initialised, because the config file has not been read in in the first two lines, and that is why it prints that way.  It likely prints to stdout or stderr, perhaps those streams are discarded?

With unbound -dd it prints to stderr, and you can type this in the command line terminal to see all the errors at startup.

Best regards, Wouter
Comment 4 Konstantin V Bekreyev 2018-07-19 13:40:34 CEST
I see this error in the logfile: "/usr/local/etc/unbound/log/unbound.log" (path is from the config file).

I ran 'unbound-control reload' and got 'ok', but after this the daemon stopped with the logged error above.

I think that -dd with printing to stderr will be enough, it is just not obvious.
Comment 5 Wouter Wijngaards 2018-07-19 13:57:50 CEST
Hi Konstantin,

Maybe I should print a hint with the config file not read error that -dd can print early errors for easy inspection?

Best regards, Wouter
Comment 6 Konstantin V Bekreyev 2018-07-20 07:19:20 CEST
I think this is a great idea :)
Comment 7 Wouter Wijngaards 2018-07-20 07:43:04 CEST
Hi Konstantin,

Implemented, thank you for the report!

Best regards, Wouter
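
A pre-reload check for the situation in this report, as an added example that is not part of the bug thread or of unbound's code: it lists include: targets that resolve outside the chroot: directory. The function name, the sample configuration and the rule for relative paths (resolved against the preceding directory: value) are assumptions made for the example; paths are compared as strings, without resolving symlinks or expanding wildcards.

```python
import posixpath
import re

# Matches 'chroot: "/path"', 'directory: /path' or 'include: "file"'.
DIRECTIVE = re.compile(r'^\s*(chroot|include|directory)\s*:\s*(?:"([^"]*)"|(\S+))')

# Constructed sample configuration (not taken from the report).
SAMPLE = '''\
server:
    chroot: "/usr/local/etc/unbound"
    directory: "/usr/local/etc/unbound"
    include: "conf.d/local.conf"
    include: /usr/local/etc/unbound/../unbound-extra/zones.conf  # escapes via ..
    include: "/etc/unbound/blocklist.conf"
'''

def includes_outside_chroot(conf_text, start_dir="/"):
    """Return [(line_no, path)] for include: targets that lie outside chroot:.

    Assumption: a relative include path is resolved against the most recent
    directory: value, or against start_dir if none has been seen yet.
    A config without a chroot: line is not checked (a compiled-in default
    chroot is not considered here).
    """
    chroot, base, includes = None, start_dir, []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(raw.split("#", 1)[0])   # ignore trailing comments
        if not m:
            continue
        key = m.group(1)
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if key == "chroot":
            chroot = posixpath.normpath(value) if value else None  # "" disables
        elif key == "directory":
            base = value
        else:
            # normpath collapses "..", so /chroot/../x is seen as /x
            includes.append((no, posixpath.normpath(posixpath.join(base, value))))
    if not chroot:
        return []
    # Trailing slash keeps /usr/local/etc/unbound-extra from matching the prefix.
    prefix = chroot.rstrip("/") + "/"
    return [(no, p) for no, p in includes if not (p + "/").startswith(prefix)]

if __name__ == "__main__":
    for no, path in includes_outside_chroot(SAMPLE):
        print(f"line {no}: include target {path} is outside the chroot")
```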