Package: resolvconf
Version: 1.78
Severity: normal

Hi,

on a system with network-manager and systemd as PID 1, /etc/resolvconf/update.d/resolvconf-update-bind gets called without CAP_CHOWN due to CapabilityBoundingSet in /lib/systemd/system/network-manager.service. This causes the script to fail when it tries to chown root:bind named.options_new.$PID, resulting in a non-updated named.options.

This can either be fixed by asking n-m to add CAP_CHOWN to the CapabilityBoundingSet of Network-Manager, to drop a supplement in /etc/systemd/system/network-manager.service.d/resolconf-cap (unfriendly), to ask bind to make /var/run/bind sgid bind, or to fix the script to not chown the file in the first place.

I have fixed the issue locally by removing the chown file from the script with no noticed negative effect, but I don't know which corner cases might be here. So I'd like to ask the package maintainer to choose whatever is appropriate.

Since using a locally installed bind on a system that has its network managed with Network-Manager is a rather uncommon setup, I have filed this bug as "normal" only, but would like to suggest this to be addressed anyway.

Greetings
Marc

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-zgws1 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages resolvconf depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  ifupdown               0.8.10
ii  init-system-helpers    1.29
ii  initscripts            2.88dsf-59.3
ii  lsb-base               9.20160110

resolvconf recommends no packages.

resolvconf suggests no packages.

-- debconf information excluded
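
The missing capability described in this report can be confirmed from inside the hook's environment by decoding the CapBnd and CapEff masks in /proc/self/status. The shell functions below are an added example, not part of the original report or of resolvconf; the function names are hypothetical, and the only kernel fact relied on is that CAP_CHOWN is capability number 0.

```shell
#!/bin/sh
# Added example, not resolvconf code: report whether CAP_CHOWN is usable by
# the calling process, based on the masks in /proc/<pid>/status.

CAP_CHOWN_BIT=0   # CAP_CHOWN is capability number 0 (linux/capability.h)

# read_cap_mask FIELD [STATUSFILE]: print the hex mask of CapBnd, CapEff, ...
# The redirection is opened by the shell itself, so /proc/self is this shell,
# which carries the bounding set it inherited from the service.
read_cap_mask() {
    while read -r key value; do
        if [ "$key" = "$1:" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "${2:-/proc/self/status}"
    return 1
}

# mask_has_cap HEXMASK BIT: exit 0 if BIT is set, 1 if clear, 2 on bad input.
mask_has_cap() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# chown_cap_report [STATUSFILE]: one line saying where CAP_CHOWN is missing.
# A capability absent from the bounding set cannot be regained by the
# process or its children, so that case is reported first.
chown_cap_report() {
    bnd=$(read_cap_mask CapBnd "$1") || return 2
    eff=$(read_cap_mask CapEff "$1") || return 2
    if ! mask_has_cap "$bnd" "$CAP_CHOWN_BIT"; then
        echo "CAP_CHOWN not in bounding set (CapBnd=$bnd)"
    elif ! mask_has_cap "$eff" "$CAP_CHOWN_BIT"; then
        echo "CAP_CHOWN allowed by bounding set but not effective (CapEff=$eff)"
    else
        echo "CAP_CHOWN effective (CapEff=$eff)"
    fi
}
```

Sourcing this file and calling `chown_cap_report` with no argument at the top of a hook script prints the state of the process that actually runs the hook, which is what distinguishes a bounding-set restriction from an ordinary permission problem.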