Ubuntu Docker Images

Code review comment for ~ubuntu-docker-images/ubuntu-docker-images/+git/bind9:9.18-23.10

Git
lp:~ubuntu-docker-images/ubuntu-docker-images/+git/bind9
9.18-23.10
Merge into 9.18-23.04

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2023-10-24:

Thanks, Athos.

The image built fine, but I'm seeing permission problems with this one as well:

Starting named...
exec /usr/sbin/named -u "bind" "-g" ""
24-Oct-2023 18:17:06.481 starting BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
24-Oct-2023 18:17:06.481 running on Linux x86_64 5.15.0-78-generic #85-Ubuntu SMP Fri Jul 7 15:25:09 UTC 2023
24-Oct-2023 18:17:06.481 built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
24-Oct-2023 18:17:06.481 running as: named -u bind -g
24-Oct-2023 18:17:06.481 compiled by GCC 13.2.0
24-Oct-2023 18:17:06.481 compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 compiled with libuv version: 1.44.2
24-Oct-2023 18:17:06.481 linked to libuv version: 1.44.2
24-Oct-2023 18:17:06.481 compiled with libxml2 version: 2.9.14
24-Oct-2023 18:17:06.481 linked to libxml2 version: 20914
24-Oct-2023 18:17:06.481 compiled with json-c version: 0.17
24-Oct-2023 18:17:06.481 linked to json-c version: 0.17
24-Oct-2023 18:17:06.481 compiled with zlib version: 1.2.13
24-Oct-2023 18:17:06.481 linked to zlib version: 1.2.13
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 BIND 9 is maintained by Internet Systems Consortium,
24-Oct-2023 18:17:06.481 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Oct-2023 18:17:06.481 corporation. Support and training for BIND 9 are
24-Oct-2023 18:17:06.481 available at https://www.isc.org/support
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 found 16 CPUs, using 16 worker threads
24-Oct-2023 18:17:06.481 using 16 UDP listeners per interface
24-Oct-2023 18:17:06.485 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
24-Oct-2023 18:17:06.485 DS algorithms: SHA-1 SHA-256 SHA-384
24-Oct-2023 18:17:06.485 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
24-Oct-2023 18:17:06.485 TKEY mode 2 support (Diffie-Hellman): yes
24-Oct-2023 18:17:06.485 TKEY mode 3 support (GSS-API): yes
24-Oct-2023 18:17:06.485 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
24-Oct-2023 18:17:06.485 loading configuration from '/etc/bind/named.conf'
24-Oct-2023 18:17:06.485 directory '/var/cache/bind' is not writable
24-Oct-2023 18:17:06.485 /etc/bind/named.conf.options:2: parsing failed: permission denied
24-Oct-2023 18:17:06.485 loading configuration: permission denied
24-Oct-2023 18:17:06.485 exiting (due to fatal error)

This is strange and, again, feels like something misconfigured
locally, but I'm not sure. I'd like your opinion here. Thanks.

Thanks, Athos.

The image built fine, but I'm seeing permission problems with this one as well:

Starting named...
exec /usr/sbin/named -u "bind" "-g" ""
24-Oct-2023 18:17:06.481 starting BIND 9.18.18-0ubuntu2-Ubuntu (Extended Support Version) <id:>
24-Oct-2023 18:17:06.481 running on Linux x86_64 5.15.0-78-generic #85-Ubuntu SMP Fri Jul 7 15:25:09 UTC 2023
24-Oct-2023 18:17:06.481 built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/bind9-UHPUkp/bind9-9.18.18=/usr/src/bind9-1:9.18.18-0ubuntu2 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
24-Oct-2023 18:17:06.481 running as: named -u bind -g
24-Oct-2023 18:17:06.481 compiled by GCC 13.2.0
24-Oct-2023 18:17:06.481 compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 linked to OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
24-Oct-2023 18:17:06.481 compiled with libuv version: 1.44.2
24-Oct-2023 18:17:06.481 linked to libuv version: 1.44.2
24-Oct-2023 18:17:06.481 compiled with libxml2 version: 2.9.14
24-Oct-2023 18:17:06.481 linked to libxml2 version: 20914
24-Oct-2023 18:17:06.481 compiled with json-c version: 0.17
24-Oct-2023 18:17:06.481 linked to json-c version: 0.17
24-Oct-2023 18:17:06.481 compiled with zlib version: 1.2.13
24-Oct-2023 18:17:06.481 linked to zlib version: 1.2.13
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 BIND 9 is maintained by Internet Systems Consortium,
24-Oct-2023 18:17:06.481 Inc. (ISC), a non-profit 501(c)(3) public-benefit
24-Oct-2023 18:17:06.481 corporation.  Support and training for BIND 9 are
24-Oct-2023 18:17:06.481 available at https://www.isc.org/support
24-Oct-2023 18:17:06.481 ----------------------------------------------------
24-Oct-2023 18:17:06.481 found 16 CPUs, using 16 worker threads
24-Oct-2023 18:17:06.481 using 16 UDP listeners per interface
24-Oct-2023 18:17:06.485 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
24-Oct-2023 18:17:06.485 DS algorithms: SHA-1 SHA-256 SHA-384
24-Oct-2023 18:17:06.485 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
24-Oct-2023 18:17:06.485 TKEY mode 2 support (Diffie-Hellman): yes
24-Oct-2023 18:17:06.485 TKEY mode 3 support (GSS-API): yes
24-Oct-2023 18:17:06.485 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
24-Oct-2023 18:17:06.485 loading configuration from '/etc/bind/named.conf'
24-Oct-2023 18:17:06.485 directory '/var/cache/bind' is not writable
24-Oct-2023 18:17:06.485 /etc/bind/named.conf.options:2: parsing failed: permission denied
24-Oct-2023 18:17:06.485 loading configuration: permission denied
24-Oct-2023 18:17:06.485 exiting (due to fatal error)

This is strange and, again, feels like something misconfigured
locally, but I'm not sure.  I'd like your opinion here.  Thanks.

review: Needs Information

« Back to merge proposal