chrooting services

Noth · Posted: Fri Apr 18, 2003 4:40 am Post subject: chrooting services

I'm trying to chroot all my services (apache, mysql, squid, privoxy, etc..).
But none of them can seem to find their respective user/group. I have made copies in their dir. of group, passwd nsswitch.conf, and a few others which they need and may not (out of desperation). I am using the 2.4.20-gentoo-r2 kernel with all the Grsec chroot options.

ps. If any one knows how to use Squid 2.5 's chroot option it would be most welcomed if explained, the website is rather lacking on that topic.
_________________
!!!teG I sdrawkcaB eroM ehT oG I sdrawroF eroM ehT

ixion · l33t Joined: 16 Dec 2002 Posts: 708

I'm sorry I don't have an answer for you, but I've got the same problem, myself.. I'm trying to find a way around it, and will post it here... please reply if you find the answer first, thanks.. :wink:

_________________
only the paranoid survive

Black · Posted: Fri Apr 18, 2003 11:20 pm Post subject:

Would this help?

Noth · Posted: Tue Apr 22, 2003 6:35 pm Post subject:

AHA! I got a response back from the grsec board. You need to copy over all the /lib/libnss_* files over into your chroot.
_________________
!!!teG I sdrawkcaB eroM ehT oG I sdrawroF eroM ehT

Noth · Posted: Wed Apr 30, 2003 12:23 pm Post subject:

Ummm, It seems none of the chrooted programs can access the network.
I assume It's due to Grsec 's disallowence for mknod in chroot. I don't know what device name to create, or options to pass though, in order to create my own in the chroot. :oops:

_________________
!!!teG I sdrawkcaB eroM ehT oG I sdrawroF eroM ehT

ixion · l33t Joined: 16 Dec 2002 Posts: 708

try mknod -m 666 dev/null c 1 3 from the chroot dir. That's always worked for me.

_________________
only the paranoid survive

Noth · Posted: Wed Apr 30, 2003 10:08 pm Post subject:

puggy · Posted: Thu May 01, 2003 2:11 am Post subject:

OTT but "obsorbed"? :-D

Puggy
_________________
Where there's open source , there's a way.