Josi M. Fandiqo wrote:
> I'm trying to upgrade a squid box to Gnu/Linux 2.2.13 with squid
> 2.2.STABLE5 and Hno's patches.
> All runs fine except the chroot feature.

What you need for chroot_dir to work is:

1. Any libraries used directly/indirectly by Squid and its assorted
   helpers (dnsserver, pinger, redirectors, proxy_auth,...).
2. Maybe some device files.

> I do % chroot /home/users/fan/pruebas/squid /bin/su - fan -c '/bin/bash'
> and once in the jail run nslookup and the resolver is okay (AA).

You shouldn't have a shell in the chroot jail environment. Only a minimal
set of binaries should be there, and bash is certainly not included in
that set.

> but, running "echo www.yahoo.com | dnsserver"
> I get $fail DNS Domain 'www.yahoo.com' is invalid: Host not found
> (authoritative).

Funny ;-).

Problem is most likely related to nsswitch.conf, and/or its helper
libraries. (hmm.. there doesn't seem to be a nsswitch.conf in your
file listing..)

> and a "strace echo www.yahoo.com | dnsserver" return:

That line traces bash/echo, not dnsserver.

    echo www.yahoo.com | strace dnsserver

> any idea?

You should seriously consider cutting down on the number of binaries in
chroot/bin. Of the ones you have listed, only unlinkd and dnsserver are
required. The rest belong only in the "normal" system.

--
Henrik Nordstrom
Squid hacker

Received on Tue Apr 11 2000 - 15:17:58 MDT
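
Added example, not part of the original message: a shell sketch of the check behind the nsswitch.conf remark. It combines the libraries `ldd` reports with the glibc NSS modules named on the `hosts:` line, which are loaded at run time and so never show up in `ldd`, and lists what a jail is missing. The function names, the `/lib` module directory and the sample `ldd`/nsswitch.conf data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, /lib and the sample data are assumptions.

# Print the absolute library paths found in `ldd` output read on stdin.
libs_from_ldd() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# Print the glibc NSS modules named on the "hosts:" line of an
# nsswitch.conf read on stdin. glibc dlopen()s these at run time, so
# ldd never lists them. Comments and [STATUS=action] items are dropped.
nss_modules_for_hosts() {
    sed -n 's/#.*//; s/\[[^]]*\]//g; s/^[[:space:]]*hosts:[[:space:]]*//p' |
        tr -s ' \t' '\n\n' |
        grep -v '^$' |
        sed 's/.*/libnss_&.so.2/'
}

# Print each path read on stdin that does not exist under jail root $1.
missing_in_jail() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample data (not taken from the thread).
SAMPLE_LDD='    libc.so.6 => /lib/libc.so.6 (0x40019000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'
SAMPLE_NSSWITCH='# constructed example
passwd: files
hosts:  files dns [NOTFOUND=return]'

# Files a jailed helper needs for gethostbyname(): linked libraries,
# NSS modules (assumed to live in /lib) and the resolver configuration.
required_files() {
    printf '%s\n' "$SAMPLE_LDD" | libs_from_ldd
    printf '%s\n' "$SAMPLE_NSSWITCH" | nss_modules_for_hosts | sed 's|^|/lib/|'
    printf '%s\n' /etc/nsswitch.conf /etc/resolv.conf /etc/hosts
}

# Against a real jail: required_files | missing_in_jail /path/to/jail
required_files
```

NSS modules have dependencies of their own (libnss_dns links against libresolv), so on a real system feed `ldd` output for each module through `libs_from_ldd` as well.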