Until now, thanks to: Casper Dik Eric Paul Darren Dunham

I had made a typo for the /dev/zero file, and my jail was mounted nosuid. So I made the changes:

/opt on /dev/md/dsk/d10 read/write/setuid/largefiles/logging on Wed Mar 7 10:47:02 2001

server1:/opt/named/dev ls -l /opt/named/dev/
total 0
crw-rw-rw- 1 root root 13, 2 Mar 6 15:29 null
crw-rw-rw- 1 root root 13, 12 Mar 7 10:47 zero

I do have the required libraries in the jail:

server1:/opt/named/dev ls -l /opt/named/lib/
total 4498
-rwxr-xr-x 1 root other 183060 Mar 7 09:05 ld.so.1
-rwxr-xr-x 1 root other 1124692 Mar 7 09:05 libc.so.1
-rwxr-xr-x 1 root other 17256 Mar 7 09:05 libc_psr.so.1
-rwxr-xr-x 1 root other 4600 Mar 7 09:05 libdl.so.1
-rwxr-xr-x 1 root other 15336 Mar 7 09:05 libl.so.1
-rwxr-xr-x 1 root other 19876 Mar 7 09:05 libmp.so.2
-rwxr-xr-x 1 root other 837300 Mar 7 09:05 libnsl.so.1
-rwxr-xr-x 1 root other 56988 Mar 7 09:05 libsocket.so.1

server1:/opt/named/dev ldd /opt/named/sbin/named-xfer
libl.so.1 => /usr/lib/libl.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libc.so.1 => /usr/lib/libc.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libmp.so.2 => /usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1

However, the truss still gives:

server1:/opt/named/dev truss -f chroot /opt/named /sbin/named-xfer
19331: execve("/usr/sbin/chroot", 0xFFBEF5C4, 0xFFBEF5D4) argc = 3
19331: stat("/usr/sbin/chroot", 0xFFBEF2B8) = 0
19331: open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
19331: open("./libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/openwin/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/opt/SUNWits/Graphics-sw/xgl-3.0/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/5.0/SUNWspro/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/6.0/SUNWspro/lib/libc.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/lib/libc.so.1", O_RDONLY) = 3
19331: fstat(3, 0xFFBEF054) = 0
19331: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF3A0000
19331: mmap(0x00000000, 778240, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF280000
19331: mmap(0xFF334000, 31832, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 671744) = 0xFF334000
19331: open("/dev/zero", O_RDONLY) = 4
19331: mmap(0xFF33C000, 5312, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0xFF33C000
19331: munmap(0xFF326000, 57344) = 0
19331: memcntl(0xFF280000, 131808, MC_ADVISE, 0x0003, 0, 0) = 0
19331: close(3) = 0
19331: open("./libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/openwin/lib/libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/opt/SUNWits/Graphics-sw/xgl-3.0/lib/libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/lib/libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/5.0/SUNWspro/lib/libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/6.0/SUNWspro/lib/libdl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/lib/libdl.so.1", O_RDONLY) = 3
19331: fstat(3, 0xFFBEF054) = 0
19331: mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xFF3A0000
19331: close(3) = 0
19331: open("/usr/platform/SUNW,Ultra-4/lib/libc_psr.so.1", O_RDONLY) = 3
19331: fstat(3, 0xFFBEEEBC) = 0
19331: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF390000
19331: mmap(0x00000000, 16384, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF380000
19331: close(3) = 0
19331: mmap(0x00000000, 8192, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0xFF370000
19331: close(4) = 0
19331: munmap(0xFF390000, 8192) = 0
19331: getuid() = 0 [0]
19331: chroot("/opt/named") = 0
19331: chdir("/") = 0
19331: execve("/sbin/named-xfer", 0xFFBEF5CC, 0xFFBEF5D4) argc = 1
19331: stat("/sbin/named-xfer", 0xFFBEF2D0) = 0
19331: open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
19331: open("./libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/openwin/lib/libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/opt/SUNWits/Graphics-sw/xgl-3.0/lib/libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/lib/libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/5.0/SUNWspro/lib/libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/6.0/SUNWspro/lib/libl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/lib/libl.so.1", O_RDONLY) = 3
19331: fstat(3, 0xFFBEF06C) = 0
19331: mmap(0x00000000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF3A0000
19331: mmap(0x00000000, 73728, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF380000
19331: mmap(0xFF390000, 6588, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xFF390000
19331: munmap(0xFF382000, 57344) = 0
19331: memcntl(0xFF380000, 3228, MC_ADVISE, 0x0003, 0, 0) = 0
19331: close(3) = 0
19331: open("./libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/openwin/lib/libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/opt/SUNWits/Graphics-sw/xgl-3.0/lib/libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/lib/libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/5.0/SUNWspro/lib/libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/local/SUNWspro/6.0/SUNWspro/lib/libnsl.so.1", O_RDONLY) Err#2 ENOENT
19331: open("/usr/lib/libnsl.so.1", O_RDONLY) = 3
19331: fstat(3, 0xFFBEF06C) = 0
19331: mmap(0xFF3A0000, 8192, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xFF3A0000
19331: mmap(0x00000000, 663552, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xFF280000
19331: mmap(0xFF312000, 31176, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 532480) = 0xFF312000
19331: open("/dev/zero", O_RDONLY) Err#6 ENXIO
19331: open("/dev/zero", O_RDONLY) Err#6 ENXIO
ld.so.1: internal: malloc failed19331: write(2, " l d . s o . 1 : i n t".., 32) = 32
19331: write(2, "\n", 1) = 1
19331: close(3) = 0
19331: getpid() = 19331 [19330]
19331: *** process killed ***

Everything works up until malloc() (I assume, according to the error message) needs to open /dev/zero and fails. According to the open() man page, ENXIO happens if the device associated with the file doesn't exist, which should not be the case...

Any additional help greatly appreciated.

On Wed, 7 Mar 2001, Christophe Dupre wrote:

>
> Hi,
> I'm trying to configure bind 8.2.3 to run in a chrooted environment. Doing
> so for my primary server was relatively easy, but I'm unable to do so from
> my secondary as it needs to be able to spawn named-xfer to transfer new
> zones from the primary. I was not able to statically compile named-xfer
> (multiply defined symbols) and even if I copy all the required libraries in
> the prison I still have problems with devices: I created /dev/null and
> /dev/zero by using mknod, so that I have:
> crw-rw-rw- 1 root root 13, 2 Mar 6 15:29 null
> crw-rw-rw- 1 root sys 13, 2 Mar 7 09:06 zero
>
> but when doing a truss of named-xfer in the chrooted environment I get:
> 16042: open("/dev/zero", O_RDONLY) Err#6 ENXIO
> 16042: open("/dev/zero", O_RDONLY) Err#6 ENXIO
> ld.so.1: internal: malloc failed16042: write(2, " l d . s o . 1 : i n t".., 32) = 32
>
>
> Any clue on how to completely chroot named ?
>
>
> --
> Christophe Dupre
> System Administrator, Scientific Computation Research Center
> Rensselaer Polytechnic Institute
> Troy, NY USA
> Phone: (518) 276-2578 - Fax: (518) 276-4886
>
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
>

--
Christophe Dupre
System Administrator, Scientific Computation Research Center
Rensselaer Polytechnic Institute
Troy, NY USA
Phone: (518) 276-2578 - Fax: (518) 276-4886

Received on Wed Mar 7 18:20:48 2001
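
Added example, not part of the original message: the two listings in the thread differ only in the minor number of /dev/zero (13, 2 in the quoted message, 13, 12 after the change), and this sketch makes that comparison mechanically by checking each device node in a chroot jail against the host's node of the same name. The function names are hypothetical; the jail path /opt/named and the node names null and zero are taken from the thread.

```python
import os
import stat
import sys

def describe(st_mode, st_rdev):
    """Reduce a stat result to (kind, major, minor)."""
    if stat.S_ISCHR(st_mode):
        return ("char", os.major(st_rdev), os.minor(st_rdev))
    if stat.S_ISBLK(st_mode):
        return ("block", os.major(st_rdev), os.minor(st_rdev))
    return ("other", None, None)

def compare_node(host, jail):
    """Return a list of mismatches between two describe() tuples."""
    if jail[0] != host[0]:
        return ["type %s, host has %s" % (jail[0], host[0])]
    if jail[1:] != host[1:]:
        return ["device %s,%s, host has %s,%s"
                % (jail[1], jail[2], host[1], host[2])]
    return []

def node_info(path, follow):
    # Host /dev entries may be symlinks (Solaris links them into /devices),
    # so follow them there; the jail node itself must be a real device file.
    st = os.stat(path) if follow else os.lstat(path)
    return describe(st.st_mode, st.st_rdev)

def check_jail(jail_root, names=("null", "zero"), host_dev="/dev"):
    """Map each node name to its list of problems (empty list = matches)."""
    report = {}
    for name in names:
        try:
            host = node_info(os.path.join(host_dev, name), follow=True)
            jail = node_info(os.path.join(jail_root, "dev", name), follow=False)
        except OSError as exc:
            report[name] = ["cannot stat %s: %s" % (exc.filename, exc.strerror)]
        else:
            report[name] = compare_node(host, jail)
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/named"
    for name, problems in sorted(check_jail(root).items()):
        print("%s: %s" % (name, "; ".join(problems) or "matches host"))
```

A clean report only says the nodes match the host's; whether the filesystem holding the jail allows device files to be opened is a separate check.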
This archive was generated by hypermail 2.1.8 : Wed Mar 23 2016 - 16:34:34 EDT