Hi, this is a user-level question from someone who wants to make use of systemd but has not quite grown the gut feeling about which way is the right way to go. I am running bind 9 on more than a handful of systems providing name services as recursive and/or authoritative name servers. As it has ben recommended for two decades, I run bind in a chroot, using its own feature to chroot itself after starting up (-t /path/to/chroot). In Debian bookworm, the systemd units that come with Debian's bind9 package have recently changed from Type=simple to Type=notify. Combined with named -t, this means that systemd will never notice that the name daemon has correctly started up unless systemd's notify socket is also reachable in the chroot. This in turn means that bind is continuosly restarted by systemd. As a quick fix, I issue moiunt --bind /run/systemd /path/to/chroot/run/systemd manually. I am currently wondering which way is the preferred way to achive this in a more clean way: (1) go fully systemd That would mean to get rid of bind's -t option completely but use systemd's RootDirectory directive instead. I have not tried this but I think that the bind community might be reluctant to support a setup like that. In advantage, I could use the BindReadOnlyPaths directive to directly manage the necessary bind mount to make the notify socket accessible. (2) try to preserve the classic setup That would probably mean having a /etc/systemd/system/var-local-bind-run-systemd.mount with the contents: | [Mount] | What=/run/systemd | Where=/var/local/bind/run/systemd | Type=none | Options=bind | | [Install] | WantedBy=bind9.service and adding a RequiresMountsFor=/var/local/bind/run/systemd to the bind9.service. This works as intended when I start up bind9, but when stopping the name daemon, the bind mount still lingers around. I have not fully understood the necessary systemd magic to have var-local-bind-run-systemd.mount stopped whenever bind9.service stops. How would I do that? How would you solve this issue? Method (1), Method (2), or one that I didn't think of yet? Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don't trust Computers. They | Mailadresse im Header Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402 Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
bind-mount of /run/systemd for chrooted bind9/named
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: bind-mount of /run/systemd for chrooted bind9/named
- From: Marc Haber <mh+systemd-devel@xxxxxxxxxxxx>
- Date: Mon, 3 Jul 2023 20:52:10 +0200
- User-agent: Mutt/2.0.5 (2021-01-21)
- Follow-Ups:
- Re: bind-mount of /run/systemd for chrooted bind9/named
- From: Lennart Poettering
- Re: bind-mount of /run/systemd for chrooted bind9/named
- From: Silvio Knizek
- Re: bind-mount of /run/systemd for chrooted bind9/named
- Prev by Date: Re: PAMName=login, systemctl stop
- Next by Date: Re: bind-mount of /run/systemd for chrooted bind9/named
- Previous by thread: All Systems Go! 2023 (13/14. 09. 23): Call for Proposals ends July 7th
- Next by thread: Re: bind-mount of /run/systemd for chrooted bind9/named
- Index(es):
 |