Bug 11090 - resolv_wrapper: not working from fedora repo
resolv_wrapper: not working from fedora repo
Status: NEW
Product: cwrap
Classification: Unclassified
Component: library
unspecified
All All
: P5 normal
: ---
Assigned To: Andreas Schneider
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-05 14:49 UTC by Branislav Blaskovic
Modified: 2015-09-18 12:32 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Branislav Blaskovic 2015-02-05 14:49:39 UTC
Version:
resolv_wrapper-1.1.0-2.fc21.x86_64 - installed from fedora repo

Following man page instructions:
    $ cat fake-resolv 
    A       dc.cwrap.org  127.0.0.10

    $ LD_PRELOAD=/usr/lib64/libresolv_wrapper.so RESOLV_WRAPPER_CONF=./fake-resolv dig dc.cwrap.org

    ; <<>> DiG 9.9.6-P1-RedHat-9.9.6-6.P1.fc21 <<>> dc.cwrap.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2630
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;dc.cwrap.org.			IN	A

    ;; ANSWER SECTION:
    dc.cwrap.org.		3488	IN	A	80.67.16.8

    ;; Query time: 34 msec
    ;; SERVER: 10.38.5.26#53(10.38.5.26)
    ;; WHEN: Thu Feb 05 15:39:47 CET 2015
    ;; MSG SIZE  rcvd: 57

I tried it with ping too:

    $ LD_PRELOAD=libresolv_wrapper.so RESOLV_WRAPPER_CONF=./fake-resolv ping dc.cwrap.org
    ERROR: ld.so: object 'libresolv_wrapper.so' from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.
    PING dc.cwrap.org (80.67.16.8) 56(84) bytes of data.
    64 bytes from twilight.ispgateway.de (80.67.16.8): icmp_seq=1 ttl=54 time=18.6 ms
    64 bytes from twilight.ispgateway.de (80.67.16.8): icmp_seq=2 ttl=54 time=18.5 ms
    ^C
    --- dc.cwrap.org ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 18.583/18.627/18.671/0.044 ms

It does not work and it also writes something about that lib cannot be preloaded, so I tried it with full path too:

    $ LD_PRELOAD=/usr/lib64/libresolv_wrapper.so RESOLV_WRAPPER_CONF=./fake-resolv ping dc.cwrap.org
    PING dc.cwrap.org (80.67.16.8) 56(84) bytes of data.
    64 bytes from twilight.domainfactory.de (80.67.16.8): icmp_seq=1 ttl=54 time=18.6 ms
    64 bytes from twilight.domainfactory.de (80.67.16.8): icmp_seq=2 ttl=54 time=18.6 ms
    ^C
    --- dc.cwrap.org ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1001ms
    rtt min/avg/max/mdev = 18.605/18.651/18.697/0.046 ms

Still wrong IP.
Comment 1 Jakub Hrozek 2015-02-05 14:54:05 UTC
The manpage shouldn't suggest dig, we need to fix the man page.
Comment 2 Jakub Hrozek 2015-02-09 16:28:27 UTC
Proposed patch:
https://github.com/jhrozek/resolv_wrapper/commit/a3395ef9a5a85ebb2b17c94ca5a0a0dcf1312d03

kinit, unlike dig uses libresolv, so it's actually usable with rwrap :-)
Comment 3 Branislav Blaskovic 2015-02-12 09:17:10 UTC
And what is problem with ping? That error about preloading and bad IP?
Comment 4 Andreas Schneider 2015-03-31 15:15:00 UTC
I guess ldconfig was not called so ld could not find the library yet.

If you use nss_wrapper and a hosts file with ping it should work.
Comment 5 Florian Weimer 2015-09-18 12:32:13 UTC
(In reply to Branislav Blaskovic from comment #3)
> And what is problem with ping? That error about preloading and bad IP?

ping likely does not work because it is SUID:

-rwxr-xr-x. 1 root root 44776 Aug 17  2014 /usr/bin/ping

LD_PRELOAD is ignored for such binaries for security reasons.