Bug #53325 for Net-DNS: if /etc/resolv.conf is not readable then importing Net::DNS fails

Sun Jan 03 16:30:40 2010 arekm [...] maven.pl - Ticket created

Subject:	if /etc/resolv.conf is not readable then importing Net::DNS fails
Date:	Sun, 3 Jan 2010 22:30:13 +0100
To:	bug-Net-DNS [...] rt.cpan.org
From:	Arkadiusz Miskiewicz <arekm [...] maven.pl>

If /etc/resolv.conf is not readable (for example due to SELinux policy) then even "use Net::DNS" fails. [builder@ymir-builder ~]$ perl use Net::DNS; Could not open /etc/resolv.conf: Permission denied at /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread-multi/Net/DNS.pm line 91 Compilation failed in require at /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread-multi/Net/DNS.pm line 91. BEGIN failed--compilation aborted at /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread-multi/Net/DNS.pm line 91. Compilation failed in require at - line 1. BEGIN failed--compilation aborted at - line 1. At least import should success in such case. -- Arkadiusz Miśkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/

Mon Jan 04 10:06:32 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

Before doing anything else, could you try the following (as an unprivileged user): cat /etc/resolv.conf If this fails, then the problem is entirely yours, and not a bug in Net::DNS. Otherwise, more information is required: Which version of Net::DNS are you using? What platform is this running on? Perl version appears to be 5.10.0 In the absence of this useful information, I attempted to reproduce the problem using Net::DNS 0.65 running on a newly installed Fedora12 x64 with all applicable patches. Resolver config file is normally publicly readable, but the file is not required for Net::DNS to work. -rw-r--r--. 1 root root 53 2010-01-04 11:04 /etc/resolv.conf Changing permissions ----------. 1 root root 53 2010-01-04 11:04 /etc/resolv.conf or deleting file forces Net::DNS resolver to direct queries to BIND named running on local host. This will also disrupt the resolver components in the C library. If named is not running, the resolver hangs for a long time. Neither scenario produces the compilation failure that you describe. --Dick On Sun Jan 03 16:30:40 2010, arekm@maven.pl wrote: > > If /etc/resolv.conf is not readable (for example due to SELinux > policy) then even "use Net::DNS" fails. > > [builder@ymir-builder ~]$ perl > use Net::DNS; > Could not open /etc/resolv.conf: Permission denied at > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread- > multi/Net/DNS.pm line 91 > Compilation failed in require at > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread- > multi/Net/DNS.pm line 91. > BEGIN failed--compilation aborted at > /usr/lib64/perl5/vendor_perl/5.10.0/x86_64-pld-linux-thread- > multi/Net/DNS.pm line 91. > Compilation failed in require at - line 1. > BEGIN failed--compilation aborted at - line 1. > > At least import should success in such case. >

Mon Jan 04 10:06:34 2010 The RT System itself - Status changed from 'new' to 'open'

Mon Jan 04 10:13:58 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

FCKeditor is clearly FCKed!

Mon Jan 04 10:25:38 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

(second attempt) Before doing anything else, could you try the following (as an unprivileged user): cat /etc/resolv.conf If this fails, then the problem is entirely yours, and not a bug in Net::DNS. Otherwise, more information is required: Which version of Net::DNS are you using? What platform is this running on? Perl version appears to be 5.10.0 In the absence of this useful information, I attempted to reproduce the problem using Net::DNS 0.65 running on a newly installed Fedora12 x64 with all applicable patches. Resolver config file is normally publicly readable, but the file is not required for Net::DNS to work. -rw-r--r--. 1 root root 53 2010-01-04 11:04 /etc/resolv.conf Changing permissions ----------. 1 root root 53 2010-01-04 11:04 /etc/resolv.conf or deleting file forces Net::DNS resolver to direct queries to BIND named running on local host. This will also disrupt the resolver components in the C library. If named is not running, the resolver hangs for a long time. Neither scenario produces the compilation failure that you describe. --Dick

Mon Jan 04 11:14:29 2010 arekm [...] maven.pl - Correspondence added

Subject:	Re: [rt.cpan.org #53325] if /etc/resolv.conf is not readable then importing Net::DNS fails
Date:	Mon, 4 Jan 2010 17:14:05 +0100
To:	bug-Net-DNS [...] rt.cpan.org
From:	Arkadiusz Miskiewicz <arekm [...] maven.pl>

On Monday 04 of January 2010, you wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=53325 > > > (second attempt) > > Before doing anything else, could you try the following (as an unprivileged > user): > > cat /etc/resolv.conf > > If this fails, then the problem is entirely yours, and not a bug in > Net::DNS.

It works. Show quoted text

> > Otherwise, more information is required:

But user builder (from which I test use directive) has no read access to /etc/resolv.conf due to filesystem ACL rules. perl "-r" test doesn't seem to handle ACLs and it "lies". Show quoted text

> Which version of Net::DNS are you using?

0.65 Show quoted text

> > What platform is this running on?

Linux 2.6, PLD distro Show quoted text

> > Perl version appears to be 5.10.0 > > In the absence of this useful information, I attempted to reproduce > the problem using Net::DNS 0.65 running on a newly installed Fedora12 > x64 with all applicable patches. > > Resolver config file is normally publicly readable, but the file is > not required for Net::DNS to work. > > -rw-r--r--. 1 root root 53 2010-01-04 11:04 /etc/resolv.conf

Leave such permissions and then do: setfacl -m u:youruser:--- /etc/resolv.conf (assuming /etc filesystem supports ACL) then try cat /etc/resolv.conf from "youruser" Show quoted text

> --Dick

-- Arkadiusz Miśkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/

Mon Jan 04 13:54:58 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

Aha, I see that ACLs really do mess things up! I assume you would like the resolver to skip silently over config files rendered inaccessible either by ACLs or the traditional Unix permission mechanism. The code involved is in Base.pm, so some care will be needed to make sure that the solution is fully portable. --Dick

Thu Jan 07 05:01:24 2010 arekm [...] maven.pl - Correspondence added

Subject:	Re: [rt.cpan.org #53325] if /etc/resolv.conf is not readable then importing Net::DNS fails
Date:	Thu, 7 Jan 2010 11:00:55 +0100
To:	bug-Net-DNS [...] rt.cpan.org
From:	Arkadiusz Miskiewicz <arekm [...] maven.pl>

On Monday 04 of January 2010, you wrote: Show quoted text

> <URL: https://rt.cpan.org/Ticket/Display.html?id=53325 > > > > Aha, I see that ACLs really do mess things up! > > I assume you would like the resolver to skip silently over config files > rendered inaccessible either by ACLs or the traditional Unix permission > mechanism. > > The code involved is in Base.pm, so some care will be needed to make sure > that the solution is fully portable.

I use this hack for now: --- Net-DNS-0.65.orig/lib/Net/DNS/Resolver/UNIX.pm 2009-01-26 18:31:42.000000000 +0100 +++ Net-DNS-0.65/lib/Net/DNS/Resolver/UNIX.pm 2010-01-03 22:51:12.393805390 +0100 @@ -21,7 +21,17 @@ sub init { my ($class) = @_; + eval { $class->read_config_file($resolv_conf) if -f $resolv_conf && -r _; + }; + if ( $@ ) { + if ( $@ =~ /^Could not open / ) { + # we ignore this problem + #warn "$@"; + } else { + die $@; + } + } foreach my $dir (@config_path) { my $file = "$dir/$dotfile"; Show quoted text

> > --Dick >

-- Arkadiusz Miśkiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/

Thu Jan 07 10:43:26 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

The same result can be achieved more easily by the following one line change: *** Base.pm-0.65 2009-01-26 17:31:42.000000000 +0000 --- Base.pm 2010-01-07 15:20:53.996194891 +0000 *************** *** 230,250 **** sub read_config_file { my ($invocant, $file) = @_; my $config = ref $invocant ? $invocant : $invocant->defaults; my @ns; my @searchlist; local *FILE; ! open(FILE, "< $file") or croak "Could not open $file: $!"; local $/ = "\n"; local $_; while (<FILE>) { s/\s*[;#].*//; # Skip ahead unless there's non-whitespace characters next unless m/\S/; SWITCH: { --- 230,250 ---- sub read_config_file { my ($invocant, $file) = @_; my $config = ref $invocant ? $invocant : $invocant->defaults; my @ns; my @searchlist; local *FILE; ! open(FILE, "< $file") || return; local $/ = "\n"; local $_; while (<FILE>) { s/\s*[;#].*//; # Skip ahead unless there's non-whitespace characters next unless m/\S/; SWITCH: {

Thu Jan 07 11:13:12 2010 rwfranks [...] acm.org - Correspondence added

From:

rwfranks [...] acm.org

If you can find it! On Thu Jan 07 10:43:26 2010, rwfranks@acm.org wrote: > The same result can be achieved more easily by the following one line > change: > > *** Base.pm-0.65 2009-01-26 17:31:42.000000000 +0000 > --- Base.pm 2010-01-07 15:20:53.996194891 +0000 > *************** > *** 230,250 **** > sub read_config_file { > my ($invocant, $file) = @_; > my $config = ref $invocant ? $invocant : $invocant- > >defaults; > > > my @ns; > my @searchlist; > > local *FILE; > > ! open(FILE, "< $file") or croak "Could not open $file: $!"; > local $/ = "\n"; > local $_; > > while (<FILE>) { > s/\s*[;#].*//; > > # Skip ahead unless there's non-whitespace characters > next unless m/\S/; > > SWITCH: { > --- 230,250 ---- > sub read_config_file { > my ($invocant, $file) = @_; > my $config = ref $invocant ? $invocant : $invocant- > >defaults; > > > my @ns; > my @searchlist; > > local *FILE; > > ! open(FILE, "< $file") || return; > local $/ = "\n"; > local $_; > > while (<FILE>) { > s/\s*[;#].*//; > > # Skip ahead unless there's non-whitespace characters > next unless m/\S/; > > SWITCH: {

Fri May 07 19:34:58 2010 mss [...] apache.org - Correspondence added

From:

mss [...] apache.org

Out of boredom, here's a patch wich implements the previously non-unified one while keeping the old behaviour of the public API N::D::R::new(config_file => ...) (I assume that N::D::R::Base::read_config_file was no public API since it is documented nowhere).

Subject:

net-dns-noresolvconf.patch

diff --git a/lib/Net/DNS/Resolver/Base.pm b/lib/Net/DNS/Resolver/Base.pm index a756947..588ebcb 100644 --- a/lib/Net/DNS/Resolver/Base.pm +++ b/lib/Net/DNS/Resolver/Base.pm @@ -168,7 +168,8 @@ sub _process_args { my ($self, %args) = @_; if ($args{'config_file'}) { - $self->read_config_file($args{'config_file'}); + my $file = $args{'config_file'}; + $self->read_config_file($file) or croak "Could not open $file: $!"; } foreach my $attr (keys %args) { @@ -237,7 +238,7 @@ sub read_config_file { local *FILE; - open(FILE, "< $file") or croak "Could not open $file: $!"; + open(FILE, "<", $file) or return; local $/ = "\n"; local $_; @@ -272,6 +273,8 @@ sub read_config_file { $config->{'nameservers'} = [ @ns ] if @ns; $config->{'searchlist'} = [ @searchlist ] if @searchlist; + + return 1; }

Thu Jan 20 09:37:10 2011 willem [...] cpan.org - Correspondence added

RT-Send-CC:

mss [...] apache.org, rwfranks [...] acm.org

Hi Arkadiusz, Indeed Net::DNS should at least load even when /etc/resolv.conf is for some mysterious reason not readable. I have applied Malte's patch, that still gives the error when the the config file (/etc/resolv,conf or some other file) is explicitly given on instantiating an Net::DNS::Resolver. Regards, Willem

Thu Jan 20 09:37:11 2011 willem [...] cpan.org - Status changed from 'open' to 'resolved'