[systemd-devel] mount created via "mount --bind" in systemctl unit doesn't create/bind the mount; but @ cmd line it works ?

ixloran at sent.at ixloran at sent.at
Sat Mar 30 10:43:02 PDT 2013


Hi,

I'm trying to preserve my chroot-ed, systemctl-launched BIND9's logs. 
To do that, I'm using a bind mount.

My problem is, it all works from the command line, but not when doing
the "same thing" via a systemd unit file.

My question is: Why doesn't it work? What am I doing wrong here?

Before launching BIND in a chroot, I've got an existing /var/log/named
log dir and no chroot dirs:

	ls -al /var/log/named /svr/chroot/named/var/log
		ls: cannot access /svr/chroot/named/var/log: No such file or directory
		/var/log/named:
			total 16K
			drwxr-xr-x  2 named named 4.0K Mar 30 09:40 ./
			drwxr-xr-x 20 root  root   12K Mar 29 07:51 ../
			-rw-r--r--  1 root  root     0 Mar 30 09:40 test

I exec a chroot setup script:

	/svr/scripts/bind-chroot.sh /svr/chroot/named on

which correctly bind-mounts /var/log/named to /svr/chroot/named/var/log:

	mountpoint -d /svr/chroot/named/var/log
		253:2
	mountpoint -d /var/log/named
		253:2

	ls -al /var/log/named /svr/chroot/named/var/log
		/svr/chroot/named/var/log:
			total 8.0K
			drwxr-xr-x 2 named named 4.0K Mar 30 09:40 ./
			drwxr-xr-x 4 root  root  4.0K Mar 30 10:13 ../
			-rw-r--r-- 1 root  root     0 Mar 30 09:40 test

		/var/log/named:
			total 16K
			drwxr-xr-x  2 named named 4.0K Mar 30 09:40 ./
			drwxr-xr-x 20 root  root   12K Mar 29 07:51 ../
			-rw-r--r--  1 root  root     0 Mar 30 09:40 test

Now I launch BIND itself

	/usr/local/sbin/named -t /svr/chroot/named -n 4 -S 1024 -u named -c /etc/named.conf

It's up:

	ps ax | grep named
	 5948 ?        Ssl    0:11 /usr/local/sbin/named -t /svr/chroot/named -n 4 -S 1024 -u named -c /etc/named.conf

and logs are correctly created in chroot:

	ls -al /svr/chroot/named/var/log
		total 16K
		drwxr-xr-x 2 named named 4.0K Mar 30 10:17 ./
		drwxr-xr-x 4 root  root  4.0K Mar 30 10:13 ../
		-rw-r--r-- 1 named named 2.6K Mar 30 10:18 bind-debug.log
		-rw-r--r-- 1 named named 4.0K Mar 30 10:17 bind-main.log
		-rw-r--r-- 1 named named    0 Mar 30 10:17 bind-query.log
		-rw-r--r-- 1 root  root     0 Mar 30 09:40 test

and are reflected as expected in the bound mount:

	ls -al /var/log/named
		total 24K
		drwxr-xr-x  2 named named 4.0K Mar 30 10:17 ./
		drwxr-xr-x 20 root  root   12K Mar 29 07:51 ../
		-rw-r--r--  1 named named 2.6K Mar 30 10:18 bind-debug.log
		-rw-r--r--  1 named named 4.0K Mar 30 10:17 bind-main.log
		-rw-r--r--  1 named named    0 Mar 30 10:17 bind-query.log
		-rw-r--r--  1 root  root     0 Mar 30 09:40 test

now when I quit named

	rndc stop
	ps ax | grep named
		(empty)

and unmount:

	umount /svr/chroot/named/var/log

the logs are preserved outside of the chroot:

	ls -al /var/log/named /svr/chroot/named/var/log

		/svr/chroot/named/var/log:
			total 8.0K
			drwxr-xr-x 2 named named 4.0K Mar 30 10:13 ./
			drwxr-xr-x 4 root  root  4.0K Mar 30 10:13 ../

		/var/log/named:
			total 28K
			drwxr-xr-x  2 named named 4.0K Mar 30 10:17 ./
			drwxr-xr-x 20 root  root   12K Mar 29 07:51 ../
			-rw-r--r--  1 named named 3.3K Mar 30 10:19 bind-debug.log
			-rw-r--r--  1 named named 4.3K Mar 30 10:20 bind-main.log
			-rw-r--r--  1 named named    0 Mar 30 10:17 bind-query.log
			-rw-r--r--  1 root  root     0 Mar 30 09:40 test


But if I repeat the process, using a systemd unit to automate the same
thing:

	cat /etc/systemd/system/named-custom.service 
		[Unit]
		Description=Bind9
		After=syslog.target network.target
		Before=named-custom.target

		[Service]
		Type=forking
		PrivateTmp=true
		ExecStartPre=/svr/scripts/bind-chroot.sh /svr/chroot/named on
		ExecStart=/usr/local/sbin/named -t /svr/chroot/named -n 4 -S 1024 -u named -c /etc/named.conf
		ExecReload=/bin/sh -c '/usr/local/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'

		ExecStop=/bin/sh -c '/usr/local/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
		ExecStopPost=/svr/scripts/bind-chroot.sh /svr/chroot/named off
		Restart=always
		RestartSec=1
		TimeoutSec=25

		[Install]
		WantedBy=multi-user.target

	systemctl start named-custom.service

Bind's fully functional, but I do NOT see the bound mount:

	ls -al /var/log/named /svr/chroot/named/var/log
		/svr/chroot/named/var/log:
			total 16K
			drwxr-xr-x 2 named named 4.0K Mar 30 10:27 ./
			drwxr-xr-x 4 root  root  4.0K Mar 30 10:27 ../
			-rw-r--r-- 1 named named 2.3K Mar 30 10:27 bind-debug.log
			-rw-r--r-- 1 named named 4.0K Mar 30 10:27 bind-main.log
			-rw-r--r-- 1 named named    0 Mar 30 10:27 bind-query.log

		/var/log/named:
			total 16K
			drwxr-xr-x  2 named named 4.0K Mar 30 10:26 ./
			drwxr-xr-x 20 root  root   12K Mar 29 07:51 ../

	mountpoint -d /svr/chroot/named/var/log
		253:0
	mountpoint -d /var/log/named
		253:2

Why doesn't the mount exist when 'automated' via system launch, as it is
if I manually exec?  What have I screwed up or missed?

I'm running:

	systemctl --version
		systemd 195
		suse
		+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ


-Izzy
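
A check for the symptom described above, added here as an example and not part of the original post: the unit sets PrivateTmp=true, which runs the service's processes in their own mount namespace, so the mount table seen by a login shell and the one seen by the service can differ. The function names and the sample mountinfo lines are constructed for illustration; on a live system the two inputs would be /proc/self/mountinfo and /proc/<MainPID>/mountinfo.

```shell
#!/bin/sh
# Added example. Sample mountinfo lines are constructed, not taken from the poster's host.
# mountinfo fields used: $3 = major:minor, $4 = root within the fs, $5 = mount point.

# mount_dev MOUNTINFO PATH: print major:minor of the mount on PATH, status 1 if none.
mount_dev() {
    awk -v mp="$2" '$5 == mp { dev = $3 } END { if (dev == "") exit 1; print dev }' "$1"
}

# where_mounted HOST_MOUNTINFO SERVICE_MOUNTINFO PATH: which view has a mount on PATH.
where_mounted() {
    h=no; s=no
    mount_dev "$1" "$3" >/dev/null && h=yes
    mount_dev "$2" "$3" >/dev/null && s=yes
    case "$h$s" in
        yesyes) echo both ;;
        noyes)  echo service-only ;;
        yesno)  echo host-only ;;
        *)      echo neither ;;
    esac
}

# write_samples DIR: constructed views; the bind mount exists only in the service's view.
write_samples() {
    cat > "$1/host.mountinfo" <<'EOF'
20 1 253:0 / / rw,relatime - ext4 /dev/mapper/vg-root rw
25 20 253:2 / /var rw,relatime - ext4 /dev/mapper/vg-var rw
EOF
    cat > "$1/service.mountinfo" <<'EOF'
60 59 253:0 / / rw,relatime - ext4 /dev/mapper/vg-root rw
65 60 253:2 / /var rw,relatime - ext4 /dev/mapper/vg-var rw
70 60 253:2 /log/named /svr/chroot/named/var/log rw,relatime - ext4 /dev/mapper/vg-var rw
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
where_mounted "$demo_dir/host.mountinfo" "$demo_dir/service.mountinfo" \
    /svr/chroot/named/var/log
rm -rf "$demo_dir"

# Live use, as root (the PID is named's main PID as reported by systemd):
#   pid=$(systemctl show -p MainPID named-custom.service | cut -d= -f2)
#   where_mounted /proc/self/mountinfo "/proc/$pid/mountinfo" /svr/chroot/named/var/log
```

A result of service-only means the bind mount was made inside the service's namespace and is not visible from the shell where ls and mountpoint were run.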

