NLnetLabs / unbound

Unbound is a validating, recursive, and caching DNS resolver.
https://nlnetlabs.nl/unbound
BSD 3-Clause "New" or "Revised" License
3.13k stars 359 forks source link

Unbound crashes on reload when python module uses non-built-in modules #499

Open fredrik-eriksson opened 3 years ago

fredrik-eriksson commented 3 years ago

Describe the bug I built a python module which was using yaml for configuration. For this used the pyyaml packages. The module works fine when starting unbound; but when I do a reload of unbound it crashes when doing re-init of the python module:

unbound: [14939:0] notice: init module 0: python
unbound: [14939:0] error: pythonmod: can't parse Python script /etc/unbound/nft_updater.py
unbound: [14939:0] error: pythonmod: python error: NoneType: None
unbound: [14939:0] error: module init for module python failed
unbound: [14939:0] fatal error: failed to setup modules

Turns out the offending line in my code is import yaml

To reproduce Steps to reproduce the behavior:

  1. Create a minimal python module that imports yaml
  2. Configure unbound to use the module and restart unbound to make sure it works
  3. Try to reload unbound and it crashes

Expected behavior Preferably unbound shouldn't crash on reload and load the module just like on initial start. But if it's technically unfeasible to use 3rd party python packages unbound-checkconf should warn and/or unbound should refuse to start

System:

Configure line: --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --docdir=/usr/share/doc/unbound-1.13.0 --htmldir=/usr/share/doc/unbound-1.13.0/html --with-sysroot=/ --libdir=/usr/lib64 --disable-debug --disable-gost --disable-dnscrypt --disable-dnstap --enable-ecdsa --disable-subnet --disable-cachedb --disable-static --disable-systemd --with-pythonmodule --with-pyunbound --without-pthreads --with-libnghttp2 --disable-flto --disable-rpath --enable-event-api --enable-ipsecmod --enable-tfo-client --enable-tfo-server --with-libevent=/usr --without-libhiredis --with-pidfile=/run/unbound.pid --with-rootkey-file=/etc/dnssec/root-anchors.txt --with-ssl=/usr --with-libexpat=/usr Linked libs: libevent 2.1.11-stable (it uses epoll), OpenSSL 1.1.1k 25 Mar 2021 Linked modules: dns64 python ipsecmod respip validator iterator TCP Fastopen feature available

BSD licensed, see LICENSE in source package for details. Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues



**Additional information**
I thought maybe the python path environment got lost on reload and tried to set the path explicitly, but that didn't seem to help. I haven't actually tried any other 3rd party modules; but I find it very unlikely that this would be limited to pyyaml.
sharonenoch commented 2 years ago

Did you try " apt install python3-yaml".. This is what worked for me.. I had to do the same for python3-redis to import redis and other modules

What I had installed and working for pother standalone scripts with python3 -m pip pyyaml never got linked.. not sure why..