Hello community,

here is the log from the commit of package pdns for openSUSE:Factory checked in at 2017-04-12 17:35:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pdns (Old)
 and      /work/SRC/openSUSE:Factory/.pdns.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "pdns" Wed Apr 12 17:35:10 2017 rev:47 rq:486326 version:4.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/pdns/pdns.changes 2017-02-04 15:44:18.307540552 +0100 +++ /work/SRC/openSUSE:Factory/.pdns.new/pdns.changes 2017-04-12 18:16:13.121936379 +0200 @@ -1,0 +2,7 @@ +Fri Mar 31 09:25:59 UTC 2017 - [email protected] + +- added pdns-4.0.3_allow_dacoverride_in_capset.patch: + Adding CAP_DAC_OVERRIDE to fix startup problems with sqlite3 + backend + +------------------------------------------------------------------- New: ---- pdns-4.0.3_allow_dacoverride_in_capset.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ pdns.spec ++++++ --- /var/tmp/diff_new_pack.EJU71f/_old 2017-04-12 18:16:14.001811959 +0200 +++ /var/tmp/diff_new_pack.EJU71f/_new 2017-04-12 18:16:14.013810262 +0200 @@ -145,6 +145,7 @@ Source3: http://downloads.powerdns.com/releases/pdns-%{pkg_version}.tar.bz2.sig Source1: rcpdns Source2: README.opendbx +Patch: pdns-4.0.3_allow_dacoverride_in_capset.patch Summary: Modern, advanced and high performance authoritative-only nameserver License: GPL-2.0 Group: Productivity/Networking/DNS/Servers @@ -312,6 +313,7 @@ %prep %setup -n %{name}-%{pkg_version} +%patch -p1 %if %{with pdns_opendbx} cp %{S:2} README.opendbx %endif ++++++ pdns-4.0.3_allow_dacoverride_in_capset.patch ++++++ situation: /var/lib/pdns pdns:pdns 750 /var/lib/pdns/sqlite3.db pdns:pdns 640 during start up it seems pdns tries to open the file as root which fails because of the permissions, internally it tries to open it with dac override capability, which fails as it isn't in the capability set. Adding CAP_DAC_OVERRIDE fixes the start problems. Index: pdns-4.0.3/pdns/pdns.service.in =================================================================== --- pdns-4.0.3.orig/pdns/pdns.service.in +++ pdns-4.0.3/pdns/pdns.service.in 
@@ -13,7 +13,7 @@ RestartSec=1 StartLimitInterval=0 PrivateTmp=true PrivateDevices=true -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_CHOWN CAP_SYS_CHROOT CAP_DAC_OVERRIDE NoNewPrivileges=true # ProtectSystem=full will disallow write access to /etc and /usr, possibly # not being able to write slaved-zones into sqlite3 or zonefiles.
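Review bot: In the pdns.spec hunks, the new `Patch:` line has no comment saying what the patch is for or whether it has been sent upstream, and it is unnumbered, so the bare `%patch -p1` in `%prep` refers to it only implicitly. Suggest an explicitly numbered `Patch0:` with a matching `%patch` line, plus a one-line comment above it naming the sqlite3 start-up problem, so a later patch can be added without ambiguity.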
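Review bot: In the pdns.service.in hunk, adding CAP_DAC_OVERRIDE to `CapabilityBoundingSet=` lets the root start-up process bypass read, write and execute permission checks on every file, not only /var/lib/pdns/sqlite3.db, and the patch header only says "it seems" pdns opens the file as root, so the root cause is not confirmed. Before widening the bounding set, check whether changing the ownership or mode of /var/lib/pdns (pdns:pdns 750 per the header) so the start-up user can reach the database fixes the start without the extra capability. If the capability stays, the unit should carry a comment explaining why it is needed, in the same way the existing ProtectSystem comment explains that setting.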
