Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pdns_server does not start correctly when systemd service is using Type=notify and is chrooted #4179

Closed
joakimlemb opened this issue Jul 14, 2016 · 7 comments

Comments

@joakimlemb
Copy link

commented Jul 14, 2016

When /lib/systemd/system/pdns.service is configured with Type=notfiy and Powerdns is configured to use chroot systemctl start pdns only hangs and never finishes.

Strace output from systemctl start pdns:

strace service pdns start
execve("/usr/sbin/service", ["service", "pdns", "start"], [/* 18 vars */]) = 0
brk(0)                                  = 0x7fee3799f000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee378ec000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=16528, ...}) = 0
mmap(NULL, 16528, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fee378e7000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fee37105000
mprotect(0x7fee372a7000, 2093056, PROT_NONE) = 0
mmap(0x7fee374a6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7fee374a6000
mmap(0x7fee374ac000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fee374ac000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee378e6000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee378e5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fee378e4000
arch_prctl(ARCH_SET_FS, 0x7fee378e5700) = 0
mprotect(0x7fee374a6000, 16384, PROT_READ) = 0
mprotect(0x7fee378ee000, 12288, PROT_READ) = 0
mprotect(0x7fee376d0000, 4096, PROT_READ) = 0
munmap(0x7fee378e7000, 16528)           = 0
getpid()                                = 4095
rt_sigaction(SIGCHLD, {0x7fee376e4fd0, ~[RTMIN RT_1], SA_RESTORER, 0x7fee3713a0e0}, NULL, 8) = 0
geteuid()                               = 0
brk(0)                                  = 0x7fee3799f000
brk(0x7fee379c0000)                     = 0x7fee379c0000
getppid()                               = 4092
stat("/etc/systemd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/usr/sbin/service", O_RDONLY)     = 3
fcntl(3, F_DUPFD, 10)                   = 10
close(3)                                = 0
fcntl(10, F_SETFD, FD_CLOEXEC)          = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x7fee376e4fd0, ~[RTMIN RT_1], SA_RESTORER, 0x7fee3713a0e0}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7fee3713a0e0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7fee3713a0e0}, NULL, 8) = 0
read(10, "#!/bin/sh\n\n#####################"..., 8192) = 8192
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4096
close(4)                                = 0
read(3, "service\n", 128)               = 8
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4096
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4096, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4096
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4097
close(4)                                = 0
read(3, "service\n", 128)               = 8
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4097
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4097, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4097
stat("/run/systemd/system", {st_mode=S_IFDIR|0755, st_size=40, ...}) = 0
chdir("/")                              = 0
faccessat(AT_FDCWD, "/etc/init/pdns.conf", R_OK) = -1 ENOENT (No such file or directory)
read(10, "      # Users who need more cont"..., 8192) = 1401
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4098
close(4)                                = 0
read(3, "acpid.socket\nssh.socket\nsyslog.s"..., 128) = 128
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4098, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 128
read(3, "tdownd.socket\nsystemd-udevd-cont"..., 128) = 71
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4098
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4101
close(4)                                = 0
read(3, "Triggers=acpid.service\n", 128) = 23
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4101
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4101, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4101
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4102
close(4)                                = 0
read(3, "Triggers=\n", 128)             = 10
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4102
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4102, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4102
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4103
close(4)                                = 0
read(3, "Triggers=rsyslog.service\n", 128) = 25
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4103
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4103, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4103
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4104
close(4)                                = 0
read(3, "Triggers=systemd-initctl.service"..., 128) = 33
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4104
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4104, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4104
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4105
close(4)                                = 0
read(3, "Triggers=systemd-journald.servic"..., 128) = 34
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4105
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4105, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4105
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4106
close(4)                                = 0
read(3, "Triggers=systemd-journald.servic"..., 128) = 34
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4106
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4106, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4106
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4107
close(4)                                = 0
read(3, "Triggers=systemd-shutdownd.servi"..., 128) = 35
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4107
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4107, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4107
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4108
close(4)                                = 0
read(3, "Triggers=systemd-udevd.service\n", 128) = 31
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4108
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4108, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4108
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7fee378e59d0) = 4109
close(4)                                = 0
read(3, "Triggers=systemd-udevd.service\n", 128) = 31
read(3, "", 128)                        = 0
close(3)                                = 0
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 4109
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4109, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
rt_sigreturn()                          = 4109
execve("/usr/local/sbin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)
execve("/usr/local/bin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)
execve("/usr/sbin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)
execve("/usr/bin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)
execve("/sbin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = -1 ENOENT (No such file or directory)
execve("/bin/systemctl", ["systemctl", "start", "pdns.service"], [/* 18 vars */]) = 0
brk(0)                                  = 0x7f5732ee0000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732be5000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=16528, ...}) = 0
mmap(NULL, 16528, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5732be0000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20o\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=137440, ...}) = 0
mmap(NULL, 2213008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5732529000
mprotect(0x7f5732541000, 2093056, PROT_NONE) = 0
mmap(0x7f5732740000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f5732740000
mmap(0x7f5732742000, 13456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5732742000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1738176, ...}) = 0
mmap(NULL, 3844640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f573217e000
mprotect(0x7f5732320000, 2093056, PROT_NONE) = 0
mmap(0x7f573251f000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1a1000) = 0x7f573251f000
mmap(0x7f5732525000, 14880, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f5732525000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20c\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=142728, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732bdf000
mmap(NULL, 2246896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5731f59000
mprotect(0x7f5731f7a000, 2097152, PROT_NONE) = 0
mmap(0x7f573217a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7f573217a000
mmap(0x7f573217c000, 6384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f573217c000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/liblzma.so.5", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P(\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=141752, ...}) = 0
mmap(NULL, 2236936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5731d36000
mprotect(0x7f5731d58000, 2093056, PROT_NONE) = 0
mmap(0x7f5731f57000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x21000) = 0x7f5731f57000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgcrypt.so.20", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\216\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=924096, ...}) = 0
mmap(NULL, 3020448, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f5731a54000
mprotect(0x7f5731b2c000, 2097152, PROT_NONE) = 0
mmap(0x7f5731d2c000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xd8000) = 0x7f5731d2c000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\27\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=448440, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732bde000
mmap(NULL, 2543976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f57317e6000
mprotect(0x7f5731852000, 2097152, PROT_NONE) = 0
mmap(0x7f5731a52000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6c000) = 0x7f5731a52000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\16\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=14664, ...}) = 0
mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f57315e2000
mprotect(0x7f57315e5000, 2093056, PROT_NONE) = 0
mmap(0x7f57317e4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f57317e4000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libgpg-error.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@'\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=72136, ...}) = 0
mmap(NULL, 2167376, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f57313d0000
mprotect(0x7f57313e1000, 2093056, PROT_NONE) = 0
mmap(0x7f57315e0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10000) = 0x7f57315e0000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732bdd000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732bdc000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732bda000
arch_prctl(ARCH_SET_FS, 0x7f5732bda840) = 0
mprotect(0x7f573251f000, 16384, PROT_READ) = 0
mprotect(0x7f57315e0000, 4096, PROT_READ) = 0
mprotect(0x7f57317e4000, 4096, PROT_READ) = 0
mprotect(0x7f5732740000, 4096, PROT_READ) = 0
mprotect(0x7f5731a52000, 4096, PROT_READ) = 0
mprotect(0x7f5731d2c000, 4096, PROT_READ) = 0
mprotect(0x7f5731f57000, 4096, PROT_READ) = 0
mprotect(0x7f573217a000, 4096, PROT_READ) = 0
mprotect(0x7f5732be7000, 20480, PROT_READ) = 0
mprotect(0x7f5732966000, 4096, PROT_READ) = 0
munmap(0x7f5732be0000, 16528)           = 0
set_tid_address(0x7f5732bdab10)         = 4095
set_robust_list(0x7f5732bdab20, 24)     = 0
rt_sigaction(SIGRTMIN, {0x7f573252f9f0, [], SA_RESTORER|SA_SIGINFO, 0x7f57325388d0}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f573252fa80, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f57325388d0}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
brk(0)                                  = 0x7f5732ee0000
brk(0x7f5732f01000)                     = 0x7f5732f01000
statfs("/sys/fs/selinux", 0x7fff5e557880) = -1 ENOENT (No such file or directory)
statfs("/selinux", 0x7fff5e557880)      = -1 ENOENT (No such file or directory)
open("/proc/filesystems", O_RDONLY)     = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732be4000
read(3, "nodev\tsysfs\nnodev\trootfs\nnodev\tr"..., 1024) = 273
read(3, "", 1024)                       = 0
close(3)                                = 0
munmap(0x7f5732be4000, 4096)            = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=1607712, ...}) = 0
mmap(NULL, 1607712, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f5732a51000
close(3)                                = 0
access("/proc/vz", F_OK)                = -1 ENOENT (No such file or directory)
open("/run/systemd/container", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/proc/cmdline", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5732be4000
read(3, "BOOT_IMAGE=/boot/vmlinuz-3.16.0-"..., 1024) = 120
close(3)                                = 0
munmap(0x7f5732be4000, 4096)            = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
stat("/proc/1/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/proc/1/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/run/systemd/system/", {st_mode=S_IFDIR|0755, st_size=40, ...}) = 0
geteuid()                               = 0
socket(PF_LOCAL, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
setsockopt(3, SOL_SOCKET, SO_PASSCRED, [1], 4) = 0
setsockopt(3, SOL_SOCKET, 0x22 /* SO_??? */, [0], 4) = 0
getsockopt(3, SOL_SOCKET, SO_RCVBUF, [212992], [4]) = 0
setsockopt(3, SOL_SOCKET, 0x21 /* SO_??? */, [8388608], 4) = 0
getsockopt(3, SOL_SOCKET, SO_SNDBUF, [212992], [4]) = 0
setsockopt(3, SOL_SOCKET, 0x20 /* SO_??? */, [8388608], 4) = 0
connect(3, {sa_family=AF_LOCAL, sun_path="/run/systemd/private"}, 22) = 0
getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
fstat(3, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
getsockopt(3, SOL_SOCKET, SO_ACCEPTCONN, [0], [4]) = 0
getsockname(3, {sa_family=AF_LOCAL, sun_path=@"00316"}, [8]) = 0
geteuid()                               = 0
sendmsg(3, {msg_name(0)=NULL, msg_iov(3)=[{"\0AUTH EXTERNAL ", 15}, {"30", 2}, {"\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 28}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45
getsockopt(3, SOL_SOCKET, SO_PEERCRED, {pid=1, uid=0, gid=0}, [12]) = 0
stat("/proc/1/root", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f5732bdab10) = 4110
gettid()                                = 4095
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_CLOEXEC) = 4
read(4, "\204\312v\314\27\351!?C\274P\37u8\231[", 16) = 16
close(4)                                = 0
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"OK d225d82b7cfa4921b11342d5a24a7"..., 256}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 52
sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\0\1 \0\0\0\1\0\0\0\240\0\0\0\1\1o\0\31\0\0\0/org/fre"..., 176}, {"\f\0\0\0pdns.service\0\0\0\0\7\0\0\0replace\0", 32}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 208
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1(\0\0\0\1\0\0\0\17\0\0\0\5\1u\0\1\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\10\1g\0\1o\0\0#\0\0\0/org/freedesktop/sys"..., 48}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 48
sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\0\1\21\0\0\0\2\0\0\0\227\0\0\0\1\1o\0\31\0\0\0/org/fre"..., 168}, {"\f\0\0\0pdns.service\0", 17}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 185
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1=\0\0\0\2\0\0\0q\0\0\0\1\1o\0\31\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1\0\0\0\0\0\0\0"..., 173}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 173
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1\t\2\0\0\3\0\0\0\216\0\0\0\1\1o\0-\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1/unit/p"..., 657}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 657
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1\214\2\0\0\4\0\0\0\216\0\0\0\1\1o\0-\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1/unit/p"..., 788}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 788
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1H\0\0\0\5\0\0\0\206\0\0\0\1\1o\0#\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1/job/26"..., 200}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 200
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\0012\0\0\0\6\0\0\0\17\0\0\0\5\1u\0\2\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\10\1g\0\1o\0\0-\0\0\0/org/freedesktop/sys"..., 58}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 58
sendmsg(3, {msg_name(0)=NULL, msg_iov(2)=[{"l\1\0\0019\0\0\0\3\0\0\0\240\0\0\0\1\1o\0-\0\0\0/org/fre"..., 176}, {"\35\0\0\0org.freedesktop.systemd1.Uni"..., 57}], msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 233
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\2\1\1\10\0\0\0\7\0\0\0\17\0\0\0\5\1u\0\3\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\10\1g\0\1v\0\0\1b\0\0\0\0\0\0", 16}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 16
recvmsg(3, 0x7fff5e5563b0, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = 1 ([{fd=3, revents=POLLIN}])
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1\t\2\0\0\10\0\0\0\216\0\0\0\1\1o\0-\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1/unit/p"..., 657}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 657
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1\224\2\0\0\t\0\0\0\216\0\0\0\1\1o\0-\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1/unit/p"..., 796}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 796
recvmsg(3, 0x7fff5e5563b0, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = -1 EAGAIN (Resource temporarily unavailable)
ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = 1 ([{fd=3, revents=POLLIN}])
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"l\4\1\1I\0\0\0\n\0\0\0z\0\0\0\1\1o\0\31\0\0\0", 24}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 24
recvmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"/org/freedesktop/systemd1\0\0\0\0\0\0\0"..., 193}], msg_controllen=32, {cmsg_len=28, cmsg_level=SOL_SOCKET, cmsg_type=SCM_CREDENTIALS{pid=1, uid=0, gid=0}}, msg_flags=MSG_CMSG_CLOEXEC}, MSG_DONTWAIT|MSG_NOSIGNAL|MSG_CMSG_CLOEXEC) = 193

My current workaround is:

sed -i 's/Type=notify/Type=forking/g' /lib/systemd/system/pdns.service
sed -i 's/--daemon=no --disable-syslog --write-pid=no/--daemon=yes --disable-syslog --write-pid=yes/g' /lib/systemd/system/pdns.service
systemctl daemon-reload
systemctl restart pdns

(Basicly changing the systemd type to forking and setting daemon to yes)

Using PowerDNS Debian repo:
deb http://repo.powerdns.com/debian jessie-auth-40 main

Version information:
Debian version: 8.5
PowerDNS version: PowerDNS Authoritative Server 4.0.0 (C) 2001-2016 PowerDNS.COM BV

@pieterlexis

This comment has been minimized.

Copy link
Member

commented Jul 14, 2016

related to #4161

@pieterlexis

This comment has been minimized.

Copy link
Member

commented Jul 14, 2016

Another workaround is using Type=simple

@Popyllol

This comment has been minimized.

Copy link

commented Nov 23, 2017

Another workaround is to get the systemd notify thing to run by doing this:
My chroot is /var/chroot

# mkdir -p /var/chroot/run/systemd
# mount -t bind /run/systemd /var/chroot/run/systemd

So the pdns can notify the systemd over the socket.
Best way would be the pdns opens the socket before it chroots?

@Popyllol

This comment has been minimized.

Copy link

commented Nov 23, 2017

As a systemd file this would be:

# mkdir -p /var/chroot/run/systemd
# touch /var/chroot/run/systemd/notify

Put the following into /lib/systemd/system/var-chroot-run-systemd-notify.mount

[Unit]
Description=Mount /run/systemd/notify to chroot
DefaultDependencies=no
ConditionPathExists=/var/chroot/run/systemd/notify
ConditionCapability=CAP_SYS_ADMIN
After=systemd-modules-load.service
Before=pdns-recursor.service

[Mount]
What=/run/systemd/notify
Where=/var/chroot/run/systemd/notify
Type=none
Options=bind

[Install]
WantedBy=multi-user.target

After creation do not forget to do:

# systemctl daemon-reload
# systemctl start var-chroot-run-systemd-notify.mount
# systemctl status var-chroot-run-systemd-notify.mount 
● var-chroot-run-systemd-notify.mount - Mount /run/systemd/notify to chroot
   Loaded: loaded (/lib/systemd/system/var-chroot-run-systemd-notify.mount; static; vendor preset: enabled)
   Active: active (mounted) since Do 2017-11-23 16:53:38 CET; 3s ago
    Where: /var/chroot/run/systemd/notify
     What: tmpfs
  Process: 21266 ExecMount=/bin/mount /run/systemd/notify /var/chroot/run/systemd/notify -t none -o bind (code=exited, status=0/SUCCESS)

If it was an success enable it:

# systemctl enable var-chroot-run-systemd-notify.mount
@rmccullagh

This comment has been minimized.

Copy link

commented Nov 6, 2018

This issue still exists in Ubuntu 16.04. I can confirm that any systemctl restart pdns will hang forever

@rmccullagh

This comment has been minimized.

Copy link

commented Nov 6, 2018

I can confirm @joakimlemb works. Changing it to a forking type seems to fix the issue. However, should --guardian=yes be changed too?

PowerDNS team, can you advise on what to do?

@pieterlexis

This comment has been minimized.

Copy link
Member

commented Nov 6, 2018

PowerDNS team, can you advise on what to do?

Our policy is, don't chroot.

@pieterlexis pieterlexis closed this Nov 6, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.