Applying openSUSE-SLE-15.3-2022-4395 (1) security update for samba breaks named. The related journal entries are:
Starting Berkeley Internet Name Domain (DNS)…
named.service: Failed to set up mount namespacing: /run/systemd/unit-root/run/named: No such file or directory
named.service: Failed at step NAMESPACE spawning /usr/sbin/named.init: No such file or directory
named.service: Control process exited, code=exited, status=226/NAMESPACE
named.service: Failed with result ‘exit-code’.
Failed to start Berkeley Internet Name Domain (DNS).
Running OpenSUSE Leap 15.3
5.3.18-150300.59.106-default
How would I resolve this problem? Screenshots below.
Please check the “named.service” configuration –
> systemctl cat named.service
Please check (assuming that, this sandboxing option is present) the value of “ProtectSystem”.
- If, the value is “strict” , it has to be changed to “full” .
The man page “systemd.exec” has the details in the section “SANDBOXING”.
Use the command “systemctl edit named.service” either with “sudo” or, the user “root”, to change the setting.
Unfortunately, there is no ProtectSystem in the configuration. Current configuration:
[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-set.target
Wants=nss-lookup.target
Wants=time-set.target
[Service]
Type=forking
ExecStart=/usr/sbin/named.init start
ExecReload=/usr/sbin/named.init reload
ExecStop=/usr/sbin/named.init stop
[Install]
WantedBy=multi-user.target
The work-around provided by Andrei Borzenkov in Bug 1206719 resolves the issue:
sudo mkdir /etc/systemd/system/named.service.d
sudo touch /etc/systemd/system/named.service.d/26-samba-dlz.conf
Thanks!