recompile dnsmasq with HAVE_ISC_READER

[mattcen]

Hi all,

This thread was a bit difficult to categorise, but I decided that this was the best place for it. Basically, my objective is to take the Fedora 8 SRPM for dnsmasq and enable the HAVE_ISC_READER setting in the src/config.h file, and recompile the RPM. I am kind of new to recompiling packages from source, and, inevitably - ran into a bit of trouble. I have detailed my process below.

Code:

#as root
rpm -Uvh dnsmasq-2.40-1.fc8.src.rpm
cd /usr/src/redhat/SOURCES
cp xzf dnsmasq-2.40.tar.gz /tmp/
cd /tmp
tar xzf dnsmasq-2.40.tar.gz
vi dnsmasq-2.40/src/config.h
#uncommented #define HAVE_ISC_READER in file, saved and quit
tar czf dnsmasq-2.40.tar.gz ./dnsmasq-2.40
mv dnsmasq-2.40.tar.gz /usr/src/redhat/SOURCES/
rpmbuild -bb dnsmasq.spec

At this point I received the following output:

Code:

Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.13270
+ umask 022
+ cd /usr/src/redhat/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /usr/src/redhat/BUILD
+ rm -rf dnsmasq-2.40
+ /bin/gzip -dc /usr/src/redhat/SOURCES/dnsmasq-2.40.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd dnsmasq-2.40
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chown -Rhf root .
++ /usr/bin/id -u
+ '[' 0 = 0 ']'
+ /bin/chgrp -Rhf root .
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ echo 'Patch #0 (dnsmasq-2.33-initscript.patch):'
Patch #0 (dnsmasq-2.33-initscript.patch):
+ patch -p1 -s
+ echo 'Patch #1 (dnsmasq-2.33-enable-dbus.patch):'
Patch #1 (dnsmasq-2.33-enable-dbus.patch):
+ patch -p1 -s
1 out of 1 hunk FAILED -- saving rejects to file src/config.h.rej
error: Bad exit status from /var/tmp/rpm-tmp.13270 (%prep)


RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.13270 (%prep)

I have no idea what this means. And though I didn't spend an exorbitant period searching for solutions, the solutions I did find regarding similar errors were mostly program specific.

If anyone would like a bit of background into my reasons for wanting to recompile dnsmasq, here it is:

I have been trying to configure a new Fedora internet gateway (including DHCP and Caching DNS Nameserver) on and off for the couple of weeks (currently using Freesco Linux, but it has limited functionality), tried and failed to configure BIND (I don't think I'm ready for that yet) and decided to examine my Freesco configuration closer. I determined that Freesco uses dnsmasq with ISC dhcpd, and I am really happy with how that configuration works out - I considered using dnsmasq as the dhcp server, but am more comfortable with ISC. I adapted the configuration from Freesco to Fedora 8, and encountered an error basically saying that I can't read a ISC DHCP leases file from dnsmasq unless I enable HAVE_ISC_READER in the src/config.h file for dnsmasq - And so then I ended up here .


Any assistance would be greatly appreciated.

Regards,
Mattcen

[stevea]

This

Quote:

1 out of 1 hunk FAILED -- saving rejects to file src/config.h.rej

means that patch failed when trying to insert some redhat patch to src/config.h

This is probably because you changed some lines adjacent to the patch or in the patch.

My suggestion is that you just go to the build directory/dnsmasq-nn.nn/. and follow the README.
99% of the time it's "./configure; make; make install"


I built a custom dnsmasq from the sources at the developers (thekelleys.uk.co I think) a month ago and it built w/ zero problems. Very nice tool btw.

[stevea]

Yo might also do an "rpmbuild -bc" then edit the src/config and do a "make" from the top level.
You'll need to copy the binary dnsmasq to a directory on your path.
--
Yeah this works:

Quote:

rpmdev-setuptree
rpm -Uhv http://download.fedora.redhat.com/pu...-1.fc8.src.rpm
ARCH="i386"
rpmbuild -bc SPECS/dnsmasq.spec
vi BUILD/dnsmasq-2.40/src/config.h
touch rpmbuild/BUILD/dnsmasq-2.40/src/*.c
make -C rpmbuild/BUILD/dnsmasq-2.40

--

Quote:

make install -C rpmbuild/BUILD/dnsmasq-2.40

will install the new binary in /usr/local/bin
the original is in /usr/sbin

Not sure but it looks to me like the ISC... is already enabled. I'll leave that to you.

[mattcen]

Thanks for your reply, I'll see how I go .

[mattcen]

OK. Having (apparently) successfully recompiled dnsmasq with the method outlined above (Thanks a lot for that btw) I was wondering: Can I do a standard RPM installation of dnsmasq, and simply replace the binary with the recompiled one, and expect it to work? I ask this because using the source, it doesn't install dnsmasq as a service, and I don't know how to do it otherwise.

Thanks again,
Mattcen

[mattcen]

Nevermind, it appears that it worked! This is fantastic! I am so, so close!

[EDIT]
Problem Solved, but new problem has arisen - see below

[mattcen]

Success!
dnsmasq starts fine on the virtual machine I was testing it on, and all the dhcp assignments and dns lookups (the internal LAN ones anyway - haven't tested internet connectivity yet) work fine.

I have encountered a new problem (which is no longer a programming issue) when trying to duplicate the settings on my actual server (moving from the VM to a physical machine). I successfully copied all the config files and the recompiled binary over to the server, and tried to start up dhcpd and dnsmasq and received dnsdomainname: Host name lookup failure when trying to run "service dnsmasq start".

On viewing /var/log/messages I found:

Code:

Dec 13 20:55:40 server setroubleshoot: #012    SELinux is preventing dnsmasq (dnsmasq_t) "search" to <Unknown> (dhcpd_state_t).#012     For complete SELinux messages. run sealert -l d7038458-5275-4724-9f9b-3769cea66cc7

so I ran sealert -l d7038458-5275-4724-9f9b-3769cea66cc7 and got

Code:

Summary
    SELinux is preventing dnsmasq (dnsmasq_t) "search" to <Unknown>
    (dhcpd_state_t).

Detailed Description
    SELinux denied access requested by dnsmasq. It is not expected that this
    access is required by dnsmasq and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for <Unknown>, restorecon -v
    <Unknown> If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context                system_u:system_r:dnsmasq_t:s0
Target Context                system_u:object_r:dhcpd_state_t:s0
Target Objects                None [ dir ]
Affected RPM Packages
Policy RPM                    selinux-policy-3.0.8-62.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     server
Platform                      Linux server 2.6.23.8-63.fc8 #1 SMP Wed Nov 21
                              18:51:08 EST 2007 i686 i686
Alert Count                   53
First Seen                    Thu Dec 13 19:46:43 2007
Last Seen                     Thu Dec 13 20:55:38 2007
Local ID                      d7038458-5275-4724-9f9b-3769cea66cc7
Line Numbers

Raw Audit Messages

avc: denied { search } for comm=dnsmasq dev=dm-0 name=dhcpd pid=7347
scontext=system_u:system_r:dnsmasq_t:s0 tclass=dir
tcontext=system_u:object_r:dhcpd_state_t:s0

From this I deduct that SELinux is denying dnsmasq access to /var/lib/dhcpd/dhcpd.leases where it needs to look for the hosts configured by dhcp (did I mention I HATE SELinux?).
I am at loss at how to enable this access.

Any ideas?

Regards,
Mattcen

[mattcen]

Anybody got any ideas about this? Or should I perhaps post this new problem in the security forum?