Package: bind9
Version: 1:9.8.1.dfsg.P1-4
Severity: normal

When creating a directory under /var/run please use shell code such as the
line in the following patch to give it the correct SE Linux label.  At the
moment this seems like it will only be a cosmetic error, but it would still
be nice to get this fixed for Wheezy if possible.

--- /etc/init.d/bind9.orig      2012-06-24 20:49:13.000000000 +1000
+++ /etc/init.d/bind9   2012-06-24 20:49:41.000000000 +1000
@@ -48,6 +48,7 @@
 
        # dirs under /var/run can go away on reboots.
        mkdir -p /var/run/named
+       [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/named
        chmod 775 /var/run/named
        chown root:bind /var/run/named >/dev/null 2>&1 || true
 
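Review bot: The added `restorecon` call relabels only /var/run/named itself, so where /var/run is not a tmpfs and the directory survives a reboot, files already inside it keep whatever label they had; `[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/named` would cover them as well. It is also the one command in this group whose failure and output are not handled, unlike the `chown ... >/dev/null 2>&1 || true` two lines later, so appending `|| true` would keep a labelling error from mattering if the script is ever run under `set -e`. A one-line comment above it, `# restore the SELinux file context; a freshly created directory does not get it from mkdir`, would record why the call is there. The enclosing start) branch begins and ends outside the hunk.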

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages bind9 depends on:
ii  adduser                3.113+nmu3
ii  bind9utils             1:9.8.1.dfsg.P1-4
ii  debconf [debconf-2.0]  1.5.43
ii  libbind9-80            1:9.8.1.dfsg.P1-4
ii  libc6                  2.13-33
ii  libcap2                1:2.22-1
ii  libdns81               1:9.8.1.dfsg.P1-4
ii  libgssapi-krb5-2       1.10.1+dfsg-1
ii  libisc83               1:9.8.1.dfsg.P1-4
ii  libisccc80             1:9.8.1.dfsg.P1-4
ii  libisccfg82            1:9.8.1.dfsg.P1-4
ii  liblwres80             1:9.8.1.dfsg.P1-4
ii  libssl1.0.0            1.0.1c-3
ii  libxml2                2.8.0+dfsg1-3
ii  lsb-base               4.1+Debian6
ii  net-tools              1.60-24.1
ii  netbase                5.0

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc   <none>
ii  dnsutils    1:9.8.1.dfsg.P1-4
pn  resolvconf  <none>
pn  ufw         <none>

-- Configuration Files:
/etc/bind/named.conf.local changed:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "//etc/bind/zones.rfc1918";
// NOTE(review): these key statements carry TSIG shared secrets in clear text.
// Once a file like this has been attached to a public report the secrets
// should be treated as disclosed: generate new ones, update every peer that
// shares them, and redact the "secret" values before posting a configuration.
// hmac-md5 is a legacy TSIG algorithm; BIND also accepts hmac-sha256, which is
// worth moving to when the keys are regenerated (both ends must agree on it).
key "ns" {
        algorithm hmac-md5;
        secret 
"/41+6B/6msiQpakbN0JQFslrtwSPrnInsPQo5lI3st6n3DgpJLSivUrvf0ILj+HtcBj8MQCpO66LHrwfV+x4Ag==";
};
key "gw" { algorithm hmac-md5; secret "RPtAvz53t44PONwlcxq0Bg=="; };
key "bigbottle" { algorithm hmac-md5; secret "I8o8BwPR0hOTsgsUWBuE+A=="; };
key "xkcd" { algorithm hmac-md5; secret "v9yQ/MeU2yY3VfVF/mEzRA=="; };
include "//etc/bind/slaves.conf";
zone "sws.net.au" {
        type master;
        file "/etc/bind/data/sws.net.au";
        allow-transfer { key ns; key xkcd; };
};
zone "virtual" {
        type master;
        allow-query { internal; };
        file "/etc/bind/data/virtual";
};
zone "lurking-grue.org" {
        type master;
        file "/etc/bind/data/lurking-grue.org";
        allow-transfer { key ns; };
};
zone "coker.com.au" {
        type master;
        file "/etc/bind/data/coker.com.au";
        allow-transfer { key ns; key xkcd; };
};
zone "dyn.coker.com.au" {
        type master;
        file "/var/cache/bind/dyn.coker.com.au";
        allow-update { key "gw"; };
        allow-transfer { key ns; };
};
zone "dyn.bigbottlepurchases.com.au" {
        type master;
        file "/var/cache/bind/dyn.bigbottlepurchases.com.au";
        allow-update { key "bigbottle"; };
        allow-transfer { key ns; };
};
zone "andrecoker.com" {
        type master;
        file "/etc/bind/data/andrecoker.com";
        allow-transfer { key ns; };
};
zone "daphnecoker.com" {
        type master;
        file "/etc/bind/data/daphnecoker.com";
        allow-transfer { key ns; };
};
zone "russellcoker.com" {
        type master;
        file "/etc/bind/data/russellcoker.com";
        allow-transfer { key ns; };
};
zone "australiansecularhomescoolers.com.au" {
        type master;
        file "/etc/bind/data/australiansecularhomescoolers.com.au";
        allow-transfer { key ns; };
};
zone "fayecoker.com" {
        type master;
        file "/etc/bind/data/fayecoker.com";
        allow-transfer { key ns; };
};
zone "unixapropos.com" {
        type master;
        file "/etc/bind/data/unixapropos.com";
        allow-transfer { key ns; };
};
zone "likeadumptruck.com" {
        type master;
        file "/etc/bind/data/likeadumptruck.com";
        allow-transfer { key ns; };
};
zone "primewines.au.com" {
        type master;
        file "/etc/bind/data/primewines.au.com";
};
zone "aviation-center.com.au" {
        type master;
        file "/etc/bind/data/aviation-center.com.au";
};
zone "mivf.com.au" {
        type master;
        file "/etc/bind/data/mivf.com.au";
};
zone "bigbottlewine.com" {
        type master;
        file "/etc/bind/data/bigbottlewine.com";
};
zone "bigbottlepurchases.com.au" {
        type master;
        file "/etc/bind/data/bigbottlepurchases.com.au";
};
zone "46.36.203.in-addr.arpa" {
        type master;
        file "/etc/bind/data/203.36.46";
};
zone "sjl.com.au" {
        type master;
        file "/etc/bind/data/sjl.com.au";
};
zone "lukus.com.au" {
        type master;
        file "/etc/bind/data/lukus.com.au";
};
zone "nelsonwineco.com.au" {
        type master;
        file "/etc/bind/data/nelsonwineco.com.au";
};
zone "wholesalewines.com.au" {
        type master;
        file "/etc/bind/data/wholesalewines.com.au";
};
zone "msalandurb.com.au" {
        type master;
        file "/etc/bind/data/msalandurb.com.au";
};
zone "mcmahonfearnley.com.au" {
        type master;
        file "/etc/bind/data/mcmahonfearnley.com.au";
};
zone "fitzpatricklegal.com.au" {
        type master;
        file "/etc/bind/data/fitzpatricklegal.com.au";
};
zone "powerguardcontrollers.com.au" {
        type master;
        file "/etc/bind/data/powerguardcontrollers.com.au";
};
zone "powerguardcontrols.com" {
        type master;
        file "/etc/bind/data/powerguardcontrols.com";
};
zone "standbygenerator.com.au" {
        type master;
        file "/etc/bind/data/standbygenerator.com.au";
};
zone "abbotsfordhonda.com.au" {
        type master;
        file "/etc/bind/data/abbotsfordhonda.com.au";
};
zone "nationalbuyingpower.com.au" {
        type master;
        file "/etc/bind/data/nationalbuyingpower.com.au";
};

/etc/bind/named.conf.options changed:
acl internal {
        127.0.0.0/8;
        10.0.0.0/8;
        192.168.0.0/16;   // LAN private addresses
        220.245.30.16/29; // old sws local range
        220.245.31.40/29; // sws local range
        62.141.42.186;
        203.217.29.237;
};
// Server-wide defaults. Zones that do not set an option themselves inherit
// the value given here, or BIND's built-in default when it is absent here.
// NOTE(review): there is no allow-transfer statement in this block, so zones
// without their own fall back to the built-in default, which is permissive;
// an explicit restrictive allow-transfer here makes the intended policy visible.
options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.
        notify-source 220.245.31.41;
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        // Recursive service is limited to the "internal" acl, although the
        // server listens on every address (listen-on / listen-on-v6 any).
        allow-recursion { internal; };
        listen-on { any; };
        dnssec-enable yes;
        // NOTE(review): with "yes" named validates only when a trust anchor is
        // configured (trusted-keys or managed-keys). None is visible in this
        // file and the lookaside line below is commented out; confirm one is
        // loaded elsewhere, or use "auto" to pick up the built-in root anchor.
        dnssec-validation yes;
//      dnssec-lookaside . trust-anchor dlv.isc.org.;
        zone-statistics 1;
};
// reduce log verbosity on issues outside our control
logging {
        category lame-servers { null; };
};

/etc/init.d/bind9 changed:
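# Fixed search path for the commands this script calls by bare name
# (modprobe, mkdir, chmod, chown, pgrep, ...).
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Defaults; /etc/default/bind9 is sourced afterwards and may override them.
OPTIONS=""
RESOLVCONF=no
test -f /etc/default/bind9 && . /etc/default/bind9

# Nothing to do when the package's binaries are not installed.
test -x /usr/sbin/rndc || exit 0

# The listing showed ".. /lib/lsb/init-functions": the leading dot was doubled
# in mail transport. The command is the POSIX "." (source) builtin.
. /lib/lsb/init-functions

PIDFILE=/var/run/named/named.pid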
# Return 0 when ifconfig prints anything at all, 1 when its output is empty.
# Sets the global IFCONFIG_OPTS as a side effect: "-au" when uname -o reports
# Solaris, empty otherwise.
check_network() {
    IFCONFIG_OPTS=""
    if [ -x /usr/bin/uname ]; then
        case "X$(/usr/bin/uname -o)" in
            XSolaris) IFCONFIG_OPTS="-au" ;;
        esac
    fi

    # $IFCONFIG_OPTS is left unquoted on purpose so an empty value adds no argument.
    [ -n "$(/sbin/ifconfig $IFCONFIG_OPTS)" ] || return 1
    return 0
}
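# Dispatch on the init action given as the first argument.
case "$1" in
    start)
        log_daemon_msg "Starting domain name service..." "bind9"

        modprobe capability >/dev/null 2>&1 || true

        # dirs under /var/run can go away on reboots.
        mkdir -p /var/run/named
        # Restore the SELinux file context where restorecon is installed.
        [ -x /sbin/restorecon ] && /sbin/restorecon /var/run/named
        chmod 775 /var/run/named
        chown root:bind /var/run/named >/dev/null 2>&1 || true

        # NOTE(review): nothing in this listing exits after "log_end_msg 1" in
        # the two checks below, and no "set -e" is visible, so unless
        # log_end_msg itself ends the script (TODO confirm) the start attempt
        # further down still runs.
        if [ ! -x /usr/sbin/named ]; then
            log_action_msg "named binary missing - not starting"
            log_end_msg 1
        fi

        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        # $OPTIONS stays unquoted so it splits into separate arguments.
        if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \
                --pidfile "${PIDFILE}" -- $OPTIONS; then
            if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
                echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
            fi
            log_end_msg 0
        else
            log_end_msg 1
        fi
    ;;

    stop)
        log_daemon_msg "Stopping domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
            /sbin/resolvconf -d lo.named
        fi

        # "rndc stop -p" prints the pid of the server it asked to stop.
        pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
        # The listing had this comment wrapped onto a second line, which left a
        # stray "or error" command in the script.
        if [ -z "$pid" ]; then          # no pid found, so either not running, or error
            # NOTE(review): this pattern matches every process whose command
            # line starts with /usr/sbin/named, not only the daemon; each pid
            # it returns is signalled as root by the loop below.
            pid=$(pgrep -f '^/usr/sbin/named') || true
            start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \
                    --pidfile "${PIDFILE}" -- $OPTIONS
        fi

        # Quoted: an unquoted empty $pid turns the test into "[ -n ]", which is true.
        if [ -n "$pid" ]; then
            # Signal 0 only probes whether the process still exists. Once n
            # reaches 11 the loop switches to signal 9, and it stops after
            # n exceeds 20.
            sig=0
            n=1
            # $pid is unquoted so that several pids from pgrep become several arguments.
            while kill -$sig $pid 2>/dev/null; do
                if [ $n -eq 1 ]; then
                    echo "waiting for pid $pid to die"
                fi
                if [ $n -eq 11 ]; then
                    echo "giving up on pid $pid with kill -0; trying -9"
                    sig=9
                fi
                if [ $n -gt 20 ]; then
                    echo "giving up on pid $pid"
                    break
                fi
                n=$((n + 1))
                sleep 1
            done
        fi
        log_end_msg 0
    ;;

    reload|force-reload)
        log_daemon_msg "Reloading domain name service..." "bind9"
        if ! check_network; then
            log_action_msg "no networks configured"
            log_end_msg 1
        fi

        # if/else instead of "a && b || c", so the failure message depends only
        # on rndc's exit status.
        if /usr/sbin/rndc reload >/dev/null; then
            log_end_msg 0
        else
            log_end_msg 1
        fi
    ;;

    restart)
        if ! check_network; then
            log_action_msg "no networks configured"
            exit 1
        fi

        "$0" stop
        "$0" start
    ;;

    status)
        # Pass on status_of_proc's exit code as the script's own.
        ret=0
        status_of_proc -p "${PIDFILE}" /usr/sbin/named bind9 2>/dev/null || ret=$?
        exit $ret
    ;;

    *)
        # The listing had this message wrapped in the middle of the string.
        log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"
        exit 1
    ;;
esac

exit 0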


-- debconf information:
  bind9/different-configuration-file:
  bind9/run-resolvconf: true
  bind9/start-as-user: bind


