Merge ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.10 into ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.04

Thanks, Athos.

The image built fine, but I'm seeing permission problems with this one as well:

Starting named...
exec /usr/sbin/named -u "bind" "-g" ""
24-Oct-2023 18:17:06.481 starting BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
24-Oct-2023 18:17:06.481 running on Linux x86_64 5.15.0-78-generic #85-Ubuntu SMP Fri Jul 7 15:25:09 UTC 2023
24-Oct-2023 18:17:06.481 built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
24-Oct-2023 18:17:06.481 running as: named -u bind -g
24-Oct-2023 18:17:06.481 compiled by GCC 13.2.0
24-Oct-2023 18:17:06.481 compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 compiled with libuv version: 1.44.2
24-Oct-2023 18:17:06.481 linked to libuv version: 1.44.2
24-Oct-2023 18:17:06.481 compiled with libxml2 version: 2.9.14
24-Oct-2023 18:17:06.481 linked to libxml2 version: 20914
24-Oct-2023 18:17:06.481 compiled with json-c version: 0.17
24-Oct-2023 18:17:06.481 linked to json-c version: 0.17
24-Oct-2023 18:17:06.481 compiled with zlib version: 1.2.13
24-Oct-2023 18:17:06.481 linked to zlib version: 1.2.13
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 BIND 9 is maintained by Internet Systems Consortium,
24-Oct-2023 18:17:06.481 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Oct-2023 18:17:06.481 corporation. Support and training for BIND 9 are
24-Oct-2023 18:17:06.481 available at https://www.isc.org/support
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 found 16 CPUs, using 16 worker threads
24-Oct-2023 18:17:06.481 using 16 UDP listeners per interface
24-Oct-2023 18:17:06.485 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
24-Oct-2023 18:17:06.485 DS a...

I'm talking to Athos about this and it seems like it's a problem caused by ZFS (which is what backs my docker volumes). I ran the test on another machine and everything passes, so I'm approving the MP.

Same comment from the squid MP applies here:

Now I'm not so sure this is only a problem with my system.

If I build the Lunar image locally, I can use it normally and tests pass.

If I build the Mantic image locally (from this MP), I see the error I mentioned above.

I also tried building the images and running the tests on diglett, which doesn't use ZFS on the root partition. There, I see everything succeed (including the Mantic image).

So there's really some strange interaction going on between docker, ZFS and the Mantic image, but I haven't had the time to dig more into this problem. Either way, I believe it's worth spending a bit more time investigating things just to make sure that we're not shipping broken images out there.

Thanks, Sergio!

I will go ahead and request the builds for this image as well. We can keep investigating this further to fully understand the issue.

For the records, we have only seen it manifest when mounting ZFS volumes (and only for the mantic images).

I will try to come up with a minimal reproducer.

Athos built and tagged the images on Launchpad, and then pushed them to Dockerhub. These images *do* work locally for me, which means that the problem likely happens when they're built *and* used on a system that uses ZFS.

This makes me less concerned about the issue, because even if our users are deploying those images on top of ZFS, they will still work.