Troubleshoot chroot Environment Problems


If a service within a chroot environment is not working correctly, the first thing to do is carefully review the strace output and make sure every required file is present. Very often, a few common, non-sensitive files in the /etc directory, such as resolv.conf and nsswitch.conf, have been forgotten.

Many programs will write error messages to syslog or to /var/log/messages by default. Remember, this is the /var/log/messages in the chroot directory (/opt/chroot/var/log/messages) and not the /var/log/messages file of the root file system.

Be aware of incorrect file permissions. Many services are sensitive to file ownership and modes. Whenever possible, use cp -p to preserve the original file permissions when copying files from their original location to the chroot environment. The tar command also uses -p, or you can specify --preserve as a long option.

If you have placed the chroot directory structure on its own partition or set disk quotas, make sure that sufficient disk space remains for the program to execute, write to temporary files, write logfiles, and otherwise be able to access some free disk space. You can reduce the logging overhead by using syslog to send events to another server rather than write to the chroot directory.

Mounting chroot systems over NFS is not a good idea. NFS will squash root privileges on files by default and silently map them to the nobody user. So, aside from the possible performance impact, NFS may wreak havoc on the file permissions you expect for the environment.
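
The file, permission, and disk space checks described above can be scripted. The following is an added example, not code from the book: the function name audit_chroot, the HOSTROOT argument, and the 10240 KB default threshold are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# audit_chroot JAIL [HOSTROOT] [MIN_FREE_KB]
# Prints one finding per line; returns 1 if anything was found, else 0.
# HOSTROOT (default /) and MIN_FREE_KB (default 10240) are assumptions
# of this example. Requires GNU stat, as found on Linux.
audit_chroot() {
    jail=${1%/}; host=${2:-/}; host=${host%/}; min=${3:-10240}; rc=0

    # 1. Files the text says are often forgotten.
    for f in etc/resolv.conf etc/nsswitch.conf; do
        [ -e "$jail/$f" ] || { echo "MISSING $f"; rc=1; }
    done

    # 2. Mode or ownership that differs from the original, which is
    #    what a copy made without cp -p or tar -p tends to produce.
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        rel=${p#"$jail"/}
        [ -e "$host/$rel" ] || continue
        a=$(stat -c '%a:%u:%g' "$p")
        b=$(stat -c '%a:%u:%g' "$host/$rel")
        if [ "$a" != "$b" ]; then
            echo "PERMS $rel jail=$a host=$b"; rc=1
        fi
    done <<EOF
$(find "$jail" -type f)
EOF

    # 3. Free space on the file system holding the chroot directory.
    avail=$(df -Pk "$jail" | awk 'NR==2 {print $4}')
    if [ "${avail:-0}" -lt "$min" ]; then
        echo "LOW_SPACE ${avail:-0}KB free, want ${min}KB"; rc=1
    fi
    return $rc
}

# Run directly:  sh audit_chroot.sh /opt/chroot
[ $# -eq 0 ] || audit_chroot "$@"
```

Files that exist only inside the chroot directory are skipped by the permission check, because there is no original to compare them with.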




Hardening Linux
ISBN: 0072254971
EAN: 2147483647
Year: 2004
Pages: 113
