[OE-core] [RFC PATCH 7/7][dora] bind: use volatiles for managing /var/ subdirs
Mark Hatle
mark.hatle at windriver.com
Thu Dec 5 22:57:46 UTC 2013
From: Ming Liu <ming.liu at windriver.com>
-- Sent for YP compliance --
Also changes the ownership of the subdirs from root to bind and moves the
chroot entries to volatiles.
Based on meta-selinux commit: 0c2d3c680b1d43d73e4187f326990ae900b9055b
Signed-off-by: Ming Liu <ming.liu at windriver.com>
Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
Signed-off-by: Mark Hatle <mark.hatle at windriver.com>
---
meta/recipes-connectivity/bind/bind-9.8.1/bind9 | 10 +++---
.../init.d-normalize-for-volatiles.patch | 37 ++++++++++++++++++++++
.../bind/bind-9.8.1/volatiles.98_bind | 5 +++
.../bind/bind-9.8.1/volatiles.99_bind-chroot | 10 ++++++
meta/recipes-connectivity/bind/bind_9.8.1.bb | 17 +++++-----
5 files changed, 65 insertions(+), 14 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
create mode 100644 meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/bind9 b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
index 2774334..0ca6552 100644
--- a/meta/recipes-connectivity/bind/bind-9.8.1/bind9
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/bind9
@@ -2,10 +2,10 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
# Currently, you can use the following options:
#
-# ROOTDIR="/var/named/chroot" -- will run named in a chroot environment.
-# you must set up the chroot environment
-# (install the bind-chroot package) before
-# doing this.
+# ROOTDIR="/var/run/named-chroot" -- will run named in a chroot environment.
+# you must set up the chroot environment
+# (install the bind-chroot package) before
+# doing this.
# NOTE:
# Those directories are automatically mounted to chroot if they are
# empty in the ROOTDIR directory. It will simplify maintenance of your
@@ -25,7 +25,7 @@
#
# OPTIONS="whatever" -- These additional options will be passed to named
# at startup. Don't add -t here, use ROOTDIR instead.
-ROOTDIR="/var/named/chroot"
+ROOTDIR="/var/run/named-chroot"
OPTIONS="-u bind"
# When using a read-only rootfs additional setup may be required
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
new file mode 100644
index 0000000..bb502c8
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/init.d-normalize-for-volatiles.patch
@@ -0,0 +1,37 @@
+bind: normalize for volatiles changes
+
+Upstream-Status: Pending
+
+init.d needs to be normalized for using volatiles for managing /var/
+subdirs.
+
+Signed-off-by: Ming Liu <ming.liu at windriver.com>
+---
+ init.d | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff -urpN a/init.d b/init.d
+--- a/init.d
++++ b/init.d
+@@ -4,7 +4,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+ . /etc/init.d/functions
+
+-# for a chrooted server: "-u bind -t /var/lib/named"
++# for a chrooted server: "-u bind -t /var/run/named-chroot"
+ # Don't modify this line, change or create /etc/default/bind9.
+ OPTIONS=""
+
+@@ -126,12 +126,6 @@ case "$1" in
+ ps `cat /var/run/named/named.pid` > /dev/null && exit 1
+ fi
+
+- # dirs under /var/run can go away on reboots.
+- mkdir -p /var/run/named
+- mkdir -p /var/cache/bind
+- chmod 775 /var/run/named
+- chown root:bind /var/run/named >/dev/null 2>&1 || true
+-
+ if [ ! -x /usr/sbin/named ]; then
+ echo "named binary missing - not starting"
+ exit 1
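Review bot: With the `mkdir -p /var/run/named` and `mkdir -p /var/cache/bind` lines removed from the start path, the script no longer guarantees that the pid and cache directories exist before named is launched. It now relies entirely on the volatiles entries having been applied. If the package is installed or upgraded on a running target and the service is started before the next boot, the directories are presumably not there yet. Either the recipe should apply the volatiles from a postinst, or the script should fail with a clear message, e.g. `[ -d /var/run/named ] || { echo "/var/run/named missing - not starting"; exit 1; }`. The `case` block starts and ends outside this hunk.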
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
new file mode 100644
index 0000000..fa4c4e9
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.98_bind
@@ -0,0 +1,5 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d bind bind 0755 /var/run/named none
+d bind bind 0755 /var/run/bind none
+d bind bind 0755 /var/run/bind/run none
+d bind bind 0755 /var/cache/bind none
diff --git a/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
new file mode 100644
index 0000000..0a150a7
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind-9.8.1/volatiles.99_bind-chroot
@@ -0,0 +1,10 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d bind bind 0755 /var/run/named-chroot/dev none
+d bind bind 0755 /var/run/named-chroot/etc none
+d bind bind 0755 /var/run/named-chroot/etc/bind none
+d bind bind 0755 /var/run/named-chroot/var none
+d bind bind 0755 /var/run/named-chroot/var/cache none
+d bind bind 0755 /var/run/named-chroot/var/cache/bind none
+d bind bind 0755 /var/run/named-chroot/var/run none
+d bind bind 0755 /var/run/named-chroot/var/run/bind none
+d bind bind 0755 /var/run/named-chroot/var/run/named none
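Review bot: Every directory in the jail, including `dev`, `etc` and `etc/bind`, is created as `bind:bind`, the account named runs as (`OPTIONS="-u bind"` in the bind9 defaults file), so a compromised daemon can create or replace files throughout its own chroot. The usual layout keeps the jail skeleton root-owned and makes only the state directories (`var/cache/bind`, `var/run/bind`, `var/run/named`) writable by the service account, e.g. `d root root 0755 /var/run/named-chroot/etc none` and `d root bind 0755 /var/run/named-chroot/etc/bind none`. The jail root itself has no entry, so its owner and mode depend on how the volatiles handling creates missing parents; an explicit `d root root 0755 /var/run/named-chroot none` as the first line would pin it.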
diff --git a/meta/recipes-connectivity/bind/bind_9.8.1.bb b/meta/recipes-connectivity/bind/bind_9.8.1.bb
index 45695e4..93b41d2 100644
--- a/meta/recipes-connectivity/bind/bind_9.8.1.bb
+++ b/meta/recipes-connectivity/bind/bind_9.8.1.bb
@@ -24,7 +24,10 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://init.d-fix-indentation.patch \
file://init.d-add-support-for-read-only-rootfs.patch \
file://bind-add-init-bind-status-command.patch \
- "
+ file://volatiles.98_bind \
+ file://volatiles.99_bind-chroot \
+ file://init.d-normalize-for-volatiles.patch \
+ "
SRC_URI[md5sum] = "cf31117c5d35af34d4c0702970ad9fb7"
SRC_URI[sha256sum] = "02285dc429cb2a6687a1b2446e9ee22c1df27f2577225b05be5092395ee7c92c"
@@ -48,7 +51,7 @@ PARALLEL_MAKE = ""
PACKAGES_prepend = "${PN}-utils ${PN}-chroot "
FILES_${PN}-utils = "${bindir}/host ${bindir}/dig ${bindir}/nslookup"
FILES_${PN}-dev += "${bindir}/isc-config.h"
-FILES_${PN}-chroot = "${localstatedir}/named/chroot ${sysconfdir}/default/bind9"
+FILES_${PN}-chroot = "${sysconfdir}/default/bind9 ${sysconfdir}/default/volatiles/99_bind_chroot"
RDEPENDS_${PN} = "bind-chroot"
@@ -70,13 +73,9 @@ do_install_append() {
install -d "${D}${sysconfdir}/default"
install -m 755 "${WORKDIR}/bind9" "${D}${sysconfdir}/default/bind9"
- # chroot
- chroot_prefix="${localstatedir}/named/chroot"
- install -d "${D}${chroot_prefix}/dev"
- install -d "${D}${chroot_prefix}/etc/bind"
- install -d "${D}${chroot_prefix}/var/cache/bind"
- install -d "${D}${chroot_prefix}/var/run/bind"
- install -d "${D}${chroot_prefix}/var/run/named"
+ install -d ${D}/${sysconfdir}/default/volatiles
+ install -m 644 ${WORKDIR}/volatiles.98_bind ${D}/${sysconfdir}/default/volatiles/98_bind
+ install -m 644 ${WORKDIR}/volatiles.99_bind-chroot ${D}/${sysconfdir}/default/volatiles/99_bind_chroot
}
CONFFILES_${PN} = " \
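Review bot: The three added `install` lines leave `${D}`, `${WORKDIR}` and `${sysconfdir}` unquoted and join them as `${D}/${sysconfdir}`, while the context lines directly above quote every path and write `${D}${sysconfdir}`. Matching the surrounding style, e.g. `install -d "${D}${sysconfdir}/default/volatiles"`, avoids the doubled slash and keeps the function consistent. The installed name `99_bind_chroot` differs from the source name `volatiles.99_bind-chroot`; it agrees with `FILES_${PN}-chroot`, so packaging works, but a one-line comment saying the rename is intentional would save the next reader a search. do_install_append starts outside this hunk.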
--
1.8.1.2.545.g2f19ada