Gentoo Forums
What's needed in a chrooted environment to create a socket
ReD-BaRoN
Apprentice


Joined: 06 Feb 2004
Posts: 208

Posted: Sat May 22, 2004 3:30 pm    Post subject: What's needed in a chrooted environment to create a socket

Having this problem with dhcpd when it tries to start, and looking at the dhcpd source, it seems to be a socket creation problem.

For example, when dhcpd tries to do:

Code:
socket(PF_PACKET, SOCK_PACKET, htons((short)ETH_P_ALL));


or

Code:
socket = socket (AF_INET, SOCK_RAW, 1)


in a chrooted environment, it won't work.

However, in a regular (non-chrooted) environment, it works just fine. I'm wondering what I'm missing in my chrooted environment to get this to work.

Thanks,
Brian
moocha
Watchman


Joined: 21 Oct 2003
Posts: 5722

Posted: Sun May 23, 2004 4:40 am    Post subject:

I suspect that's intentional behavior, to avoid breaking restrictions in a jailed environment. Grsecurity for example has something related to this.
You might want to take a look at Linux Capabilities:
Code:
man capabilities

_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin
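
An added example, not part of the original posts and not dhcpd code: on Linux, both socket() calls quoted in the question require the CAP_NET_RAW capability rather than any file inside the chroot, so a small diagnostic run inside and outside the jail shows whether the capability is what differs. The helper names (parse_capeff, has_net_raw, try_socket) are hypothetical, and it assumes /proc is readable where the check runs.

```c
/* Added example (not dhcpd code); helper names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/if_ether.h>
#define CAP_NET_RAW_BIT 13 /* CAP_NET_RAW in <linux/capability.h> */

/* Parse one /proc/<pid>/status line; returns 1 and sets *mask for CapEff. */
int parse_capeff(const char *line, uint64_t *mask)
{
    char *end;
    if (strncmp(line, "CapEff:", 7) != 0)
        return 0;
    errno = 0;
    unsigned long long v = strtoull(line + 7, &end, 16);
    if (errno || end == line + 7)   /* no hex digits after the label */
        return 0;
    *mask = (uint64_t)v;
    return 1;
}
/* 1 if the effective capability mask includes CAP_NET_RAW. */
int has_net_raw(uint64_t mask) { return (int)((mask >> CAP_NET_RAW_BIT) & 1); }

/* Attempt socket(); returns 0 on success, otherwise the errno value. */
int try_socket(int domain, int type, int proto)
{
    int fd = socket(domain, type, proto);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char line[256];
    uint64_t mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    while (f && fgets(line, sizeof line, f) && !parse_capeff(line, &mask))
        ;                           /* scan until the CapEff line is found */
    if (f) fclose(f);
    printf("CAP_NET_RAW effective: %s\n", has_net_raw(mask) ? "yes" : "no");
    int e1 = try_socket(PF_PACKET, SOCK_PACKET, htons((short)ETH_P_ALL));
    int e2 = try_socket(AF_INET, SOCK_RAW, 1); /* 1 = ICMP, as in the post */
    printf("packet socket: %s\n", e1 ? strerror(e1) : "ok");
    printf("raw ICMP socket: %s\n", e2 ? strerror(e2) : "ok");
    return 0;
}
```

If the capability line reads "no" and both calls report "Operation not permitted", the jail (or the user the daemon switched to) has lost CAP_NET_RAW, and adding files under the chroot will not change the result.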
Hackeron
Guru


Joined: 01 Nov 2002
Posts: 307

Posted: Tue Jun 08, 2004 10:23 am    Post subject:

To tell you the truth, I'm not 100% aware of what happened on the low level. It is really as easy as USE="chroot" emerge dhcpd; from there it was self-explanatory for me.

Here are all files in /chroot/dhcpd:

./dev
./etc
./etc/dhcp
./etc/dhcp/dhclient-script.sample
./etc/dhcp/dhcpd.conf.sample
./etc/dhcp/dhcpd.conf
./etc/dhcp/dhclient.conf.sample
./var
./var/lib
./var/lib/dhcp
./var/lib/dhcp/.keep
./var/lib/dhcp/dhcpd.leases~
./var/lib/dhcp/dhcpd.leases
./var/run
./var/run/dhcp
./var/run/dhcp/dhcpd.pid
./var/state
./var/state/dhcp
./var/state/dhcp/dhcpd.leases

So as you can see, nothing in ./dev, and this was all auto-created by clever Gentoo.

And
8316 dhcp 19 0 2728 1532 1960 S 0.0 0.2 0:00.03 dhcpd --- notice that dhcpd is in fact running as the dhcp user NOT as root!

So kudos to Gentoo for keeping my system as secure as possible.


Any other info you would like to know from me? -- I can't tell you exactly what I did, I didn't really pay attention, it was just all extremely easy and portage did all the work...
All times are GMT