ReD-BaRoN Apprentice
Joined: 06 Feb 2004 Posts: 208
|
Posted: Sat May 22, 2004 3:30 pm Post subject: What's needed in a chrooted environment to create a socket |
|
|
Having this problem with dhcpd when it tries to start, and looking at the dhcpd source, it seems to be a socket creation problem.
For example, when dhcpd tries to do:
Code:
socket(PF_PACKET, SOCK_PACKET, htons((short)ETH_P_ALL));
or
Code:
socket = socket (AF_INET, SOCK_RAW, 1)
in a chrooted environment, it won't work.
However, in a regular (non-chrooted) environment, it works just fine. I'm wondering what I'm missing in my chrooted environment to get this to work.
Thanks,
Brian |
|
|
|
moocha Watchman
Joined: 21 Oct 2003 Posts: 5722
|
Posted: Sun May 23, 2004 4:40 am Post subject: |
|
|
I suspect that's intentional behavior, to avoid breaking restrictions in a jailed environment. Grsecurity for example has something related to this.
You might want to take a look at Linux Capabilities: |
|
|
|
Hackeron Guru
Joined: 01 Nov 2002 Posts: 307
|
Posted: Tue Jun 08, 2004 10:23 am Post subject: |
|
|
To tell you the truth, I'm not 100% aware of what happened on the low level. It is really as easy as USE="chroot" emerge dhcpd; from there it was self-explanatory for me.
Here are all files in /chroot/dhcpd:
./dev
./etc
./etc/dhcp
./etc/dhcp/dhclient-script.sample
./etc/dhcp/dhcpd.conf.sample
./etc/dhcp/dhcpd.conf
./etc/dhcp/dhclient.conf.sample
./var
./var/lib
./var/lib/dhcp
./var/lib/dhcp/.keep
./var/lib/dhcp/dhcpd.leases~
./var/lib/dhcp/dhcpd.leases
./var/run
./var/run/dhcp
./var/run/dhcp/dhcpd.pid
./var/state
./var/state/dhcp
./var/state/dhcp/dhcpd.leases
So as you can see, nothing in ./dev, and this was all auto created by clever Gentoo.
And
8316 dhcp 19 0 2728 1532 1960 S 0.0 0.2 0:00.03 dhcpd
--- notice that dhcpd is in fact running as the dhcp user, NOT as root!
So kudos to Gentoo for keeping my system as secure as possible.
Any other info you would like to know from me? -- I can't tell you exactly what I did, I didn't really pay attention, it was just all extremely easy and Portage did all the work... |
|
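Added example, not part of any post above and not taken from the dhcpd source: a small diagnostic that tries the two socket() calls quoted in the first post and maps the resulting errno to a likely cause. It assumes Linux, where raw and packet sockets require CAP_NET_RAW; the function names probe_socket and explain_socket_errno are hypothetical.

```c
/* Added diagnostic, not from dhcpd: tries the two socket() calls quoted in
 * the thread and explains the errno. Function names are hypothetical. */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 if the socket could be created, otherwise the errno value. */
int probe_socket(int domain, int type, int protocol)
{
    int fd = socket(domain, type, protocol);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Maps a socket() errno to the most likely cause for raw/packet sockets. */
const char *explain_socket_errno(int err)
{
    switch (err) {
    case 0:
        return "ok";
    case EPERM:
    case EACCES:
        return "denied: process lacks CAP_NET_RAW (not root, or capability dropped)";
    case EAFNOSUPPORT:
    case EPROTONOSUPPORT:
    case ESOCKTNOSUPPORT:
    case EINVAL:
        return "unsupported: kernel lacks this socket family/type (e.g. CONFIG_PACKET)";
    default:
        return "other failure: see strerror output";
    }
}

int main(void)
{
    int e1 = probe_socket(PF_PACKET, SOCK_PACKET, htons((short)ETH_P_ALL));
    int e2 = probe_socket(AF_INET, SOCK_RAW, 1); /* 1 = IPPROTO_ICMP */
    printf("PF_PACKET/SOCK_PACKET: %s (%s)\n", explain_socket_errno(e1), strerror(e1));
    printf("AF_INET/SOCK_RAW:      %s (%s)\n", explain_socket_errno(e2), strerror(e2));
    return (e1 || e2) ? 1 : 0;
}
```

Build it with gcc -static so it runs without libraries inside the chroot, then run it as the same user outside and inside the jail; identical results mean the chroot's file layout is not what is blocking the socket.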