SUMMARY: Chroot'ed Sendmail but no more Syslog

From: Fabrice Guerini <fabrice_at_bluemartini.com>
Date: Tue Feb 12 2002 - 14:19:25 EST
As John Coleman justly pointed out, I didn't need to jail the syslogd(1M)
daemon, but I needed to have the proper devices in the jail. Here are the
devices and files I added to make it work properly:

      /dev/conslog
      /dev/udp
      /dev/tcp
      /etc/default/init
      /usr/platform/SUNW,UltraSPARC-IIi-cEngine/lib/libc_psr.so.1
      /usr/share/lib/zoneinfo/US/Pacific

The /etc/defaul/init and time zone files are needed in order for the
timestamps to be correct in the log. From what I can tell, /dev/conslog was
the one critical to making it work. Note also that these files are no
longer necessary under the 'chroot' environment (messages get logged to the
normal /var/log/syslog):

      /var/log/syslog
      /var/adm/messages
      /dev/console
      /dev/log
      /dev/sysmsg

Cheers!

--Fabrice

------------------ My Original Message ------------------
>Sun Gods:
>
>I successfully created a chroot(1M) environment to run a secure instance of
>Sendmail 8.12.1. Unfortunately, the negative side effect of this was that I
>stopped getting log messages via syslogd(1M) from Sendmail (silly me, I
>thought Sendmail would just send its log messages to the UDP port 514).
>
>So, I tried to migrate the syslogd daemon to a chroot environment as well,
>copying the necessary files as indicated below. Alas, syslogd does start
>and (apparently) reads its configuration file correctly (as evidenced by
>starting the daemon with the "-d" flag), but no message ever gets logged
>from Sendmail. I know that syslogd *can* log messages, because when I kill
>the daemon, I to get a message (the only one I ever get):
>
>         Feb 11 19:39:41 sparky syslogd: going down on signal 2
>
>Here are the files I copied:
>
>    # cd /var/chroot/sendmail/
>    # cp -p /usr/sbin/syslogd        usr/sbin/
>    # cp -p /etc/services            etc/
>    # cp -p /etc/syslog.conf         etc/
>    # cp -p /usr/ccs/bin/m4          usr/ccs/bin/
>    # cp -p /usr/lib/libc.so.1       usr/lib/
>    # cp -p /usr/lib/libdl.so.1      usr/lib/
>    # cp -p /usr/lib/libdoor.so.1    usr/lib/
>    # cp -p /usr/lib/libmp.so.2      usr/lib/
>    # cp -p /usr/lib/libnsl.so.1     usr/lib/
>    # cp -p /usr/lib/libpthread.so.1 usr/lib/
>    # cp -p /usr/lib/libthread.so.1  usr/lib/
>    # mkdir var/log
>    # touch var/log/syslog
>    # mkdir var/adm
>    # touch var/adm/messages
>    # mknod dev/console c  0  0
>    # mknod dev/udp     c 11 41
>    # mknod dev/null    c 13  2
>    # mknod dev/zero    c 13 12
>    # mknod dev/log     c 21  5
>    # mknod dev/sysmsg  c 97  0
>    # chown root:tty dev/console
>    # chown root:sys dev/udp dev/null dev/zero dev/log dev/sysmsg
>    # chmod 620 dev/console
>    # chmod 666 dev/udp dev/null dev/zero
>    # chmod 640 dev/log
>    # chmod 600 dev/sysmsg
>
>Has anyone successfully accomplished this feat before? Even if you haven't,
>I'll accept any suggestions.


+===========================================================+
| Fabrice Guirini               Blue Martini Software, Inc. |
| Senior Operations Engineer    2600 Campus Drive           |
| Tel: (650) 356-7576           San Mateo, CA 94403-2522    |
| Fax: (650) 356-4001           www.bluemartini.com         |
+===========================================================+
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Feb 12 13:24:19 2002

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:34 EST