Skip to content

Zonefile on read-only filesystem gives "unexpected error"

Summary

Zonefile on read-only filesystem gives "unexpected error" as does not handle EROFS error.

named[266149]: errno2result.c:119:isc___errno2result(): unexpected error:
named[266149]: stdio.c

BIND version used

details (v. 9.18.14) 
IND 9.18.14 (Extended Support Version) <id:2c5e22f>
running on Linux x86_64 6.1.30 #1-NixOS SMP PREEMPT_DYNAMIC Wed May 24 16:32:53 UTC 2023
compiled by GCC 12.2.0
compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.51.0
linked to libnghttp2 version: 1.51.0
compiled with libxml2 version: 2.10.4
linked to libxml2 version: 21004
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes

default paths:
  named configuration:  /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/named.conf
  rndc configuration:   /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/rndc.conf
  DNSSEC root key:      /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/bind.keys
  nsupdate session key: /var/run/named/session.key
  named PID file:       /var/run/named/named.pid
  named lock file:      /var/run/named/named.lock

Steps to reproduce

named.conf with

zone example.com {
    type master;
    file /path/to/file/on/read-only-fs;
}
Where the bug was encountered Specifically, this was encountered when using bind9 with NixOS, where the nix store exists on a read-only filesystem. (The solution is for the bind-file *not* to be in the nix store, but this is not the bug) 
services.bind = {
  enable = true;
  zones."example.com" = {
    #               v this creates a file in the nix store
    file = builtins.toFile "named.conf" "pretend there is a zone ffile here";
    master = true;
  };
};

What is the current bug behavior?

named[266149]: errno2result.c:119:isc___errno2result(): unexpected error:
named[266149]: stdio.c

What is the expected correct behavior?

Probably whatever the output of ISC_R_NOPERM would be.

Relevant configuration files

See above.

Relevant logs and/or screenshots

See above.

Possible fixes

https://users.isc.org/~each/doxygen/bind9/errno2result_8c-source.html#l00037

The following patch should fix it:

0001-bug-Handle-POSIX-errorcode-EROFS-when-writing-to-a-r.patch

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information