Bug 15288 - DLZ plugin is uninformative when binddns directory is inaccessible
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS plugin (BIND DLZ)
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Amitay Isaacs
QA Contact: Samba QA Contact
Reported: 2023-01-19 23:48 UTC by Douglas Bagnall
Modified: 2023-01-19 23:48 UTC

Description Douglas Bagnall 2023-01-19 23:48:39 UTC
There are a number of complaints on the mailing list where people find ../samba/bind-dns/named.conf is inaccessible to BIND even though the permissions look good. This is likely because some kernel security module (SELinux, AppArmor) is blocking access. That's not unexpected.

The trouble is the way the DLZ reports it is by saying "Failed to connect to /var/lib/samba/private/dns/sam.ldb", which you'll notice is not the samba/bind-dns directory at all. That's because Samba falls back to trying an old location for this file and doesn't tell anyone.

e.g. https://lists.samba.org/archive/samba/2020-October/232521.html
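
The reporting pattern this bug asks for, as an added example that is not Samba's code and not part of the original report: a hypothetical helper, `open_first_reporting`, tries each candidate location in order and records why each attempt failed, so an access failure on the preferred path is not hidden behind the fallback's error. The paths in `main` are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper (not Samba code): try each candidate path in order.
 * Returns an open fd and sets *used to the index that worked, or returns -1.
 * Every failed attempt is appended to diag with its errno text, so a failure
 * on the preferred path is never hidden by a later fallback.
 */
static int open_first_reporting(const char *const *paths, size_t n,
                                size_t *used, char *diag, size_t diaglen)
{
    size_t off = 0;

    if (diaglen > 0)
        diag[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int fd = open(paths[i], O_RDONLY);
        if (fd >= 0) {
            *used = i;
            return fd;
        }
        int w = snprintf(diag + off, diaglen - off, "%s%s: %s",
                         off ? "; " : "", paths[i], strerror(errno));
        if (w < 0 || (size_t)w >= diaglen - off)
            break; /* diag buffer is full; stop recording */
        off += (size_t)w;
    }
    return -1;
}

int main(void)
{
    /* Constructed paths for the demo; neither is expected to exist. */
    const char *paths[] = { "/constructed/bind-dns/sam.ldb",
                            "/constructed/private/sam.ldb" };
    char diag[512];
    size_t used = 0;
    int fd = open_first_reporting(paths, 2, &used, diag, sizeof(diag));

    if (fd < 0) {
        fprintf(stderr, "Failed to connect to database, tried: %s\n", diag);
        return 1;
    }
    if (used > 0) /* fallback worked: still say why the first choice failed */
        fprintf(stderr, "warning: using fallback %s (%s)\n", paths[used], diag);
    close(fd);
    return 0;
}
```

When a kernel security module denies the open, the errno text recorded for the preferred path is typically "Permission denied", which points the administrator at the right directory.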