chroot problem

Steve Farr sfarr at rootgroup.com
Sun Aug 9 14:30:09 UTC 2009


I read the posts below, but am having a slightly different issue with
dhcp-4.1.0p1 and was hoping someone could help... I compiled with
--enable-paranoia --disable-dhcpv6, and am running on CentOS 5 w/ kernel
2.6.18-128.2.1.el5-x86_64 and gcc-4.1.2-44.el5. I am able to start dhcpd with
either the actual file, /proc/net/dev, copied into my chroot jail at
/chroot/dhcpd, or with the proc filesystem mounted at /chroot/dhcpd/proc -
either is fine. However, when I reboot the server, dhcpd will not start from
its rc3.d script. It throws the following error:

Aug  7 17:20:58 inres02 dhcpd: chroot("/chroot/dhcpd"): Permission denied

But, if I just log on to the server a minute later and do "service dhcpd
start" or "/etc/init.d/dhcpd start" the service comes right up with no
problems. Does anyone have any suggestions?

-Steve

**************************************************

Niall,

Thanks for your help. I was able to resolve the issue by creating
/proc/net within the chroot jail and copying dev and if_inet6 there.

Chris Vaughan

-----Original Message-----
From: dhcp-users-bounces at lists.isc.org
[mailto:dhcp-users-bounces at lists.isc.org] On Behalf Of
dhcp-users-request at lists.isc.org
Sent: Thursday, 15 January 2009 8:19 PM
To: dhcp-users at lists.isc.org
Subject: dhcp-users Digest, Vol 3, Issue 20

----------------------------------------------------------------------

Message: 1
Date: Wed, 14 Jan 2009 13:01:42 +0000
From: Niall O'Reilly <Niall.oReilly at ucd.ie>
Subject: Re: Chroot issue
To: Users of ISC DHCP <dhcp-users at lists.isc.org>
Cc: Niall.oReilly at ucd.ie
Message-ID: <1231938102.6843.101.camel at d410-heron>
Content-Type: text/plain

On Wed, 2009-01-14 at 13:40 +1100, Chris Vaughan wrote:
> I have compiled ISC DHCP 4.1.0 on CentOS 5 with the --enable-paranoia
> and -enable-early-chroot

        I expect that '--enable-early-chroot' is significant.

> options, when I go to start this to run in a
> chroot jail, I am confronted with an error, as follows.
>
> dhcpd -chroot /var/dhcp -user dhcp -group dhcp
> Internet Systems Consortium DHCP Server 4.1.0
> Copyright 2004-2008 Internet Systems Consortium.
> All rights reserved.
> For info, please visit http://www.isc.org/sw/dhcp/
> Wrote 0 leases to leases file.
> Error opening '/proc/net/dev' to list interfaces
> Can't get list of interfaces.

        Reference to /proc/... is relative to your current file-system
        root.  That's to say that dhcpd is looking for
        /var/dhcp/proc/..., which very likely doesn't exist.

        I've used Edelkind's 'paranoia patch' for years, and am very
        pleased that ISC have integrated it into their release, not
        least because I nagged for it.  Although I haven't any
        experience yet with 4.1, I suspect that you can avoid the
        problem by disabling the 'early' chroot.  The idea is (or used
        to be) that any tasks which would fail due to the relevant file
        systems being unavailable after chroot are done before a 'late'
        chroot.

        Otherwise, you'll need to mount the /proc filesystem also at
        /var/dhcp/proc.  You may also need some of the files below /dev.

        Best regards

        Niall O'Reilly
        University College Dublin IT Services
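
Added example, not part of the original thread and not ISC's code: a preflight check that a jail directory contains the /proc files the messages above name, resolved the way dhcpd sees them after chroot(). The function names and the use of a "self" entry to recognise a mounted procfs are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check for a dhcpd chroot jail.
# Function names are hypothetical. Default paths are the two files named in
# the thread; pass others as extra arguments.

# Print each required path (relative to the jail) that dhcpd could not read
# after chroot(), one per line.
jail_missing() {
    jail=$1; shift
    [ "$#" -gt 0 ] || set -- proc/net/dev proc/net/if_inet6
    for rel in "$@"; do
        [ -r "$jail/$rel" ] || printf '%s\n' "$rel"
    done
}

# Say how the jail provides /proc/net/dev: "absent", "mounted" or "copied".
# Assumption: a mounted procfs is recognised by its "self" entry. A copied
# file is a snapshot taken at copy time and does not follow later changes.
jail_proc_kind() {
    if [ ! -e "$1/proc/net/dev" ]; then echo absent
    elif [ -e "$1/proc/self" ] || [ -L "$1/proc/self" ]; then echo mounted
    else echo copied
    fi
}

# Exit status: 0 jail usable, 1 files missing, 2 jail directory missing.
jail_preflight() {
    jail=$1
    [ -d "$jail" ] || { echo "jail $jail does not exist" >&2; return 2; }
    missing=$(jail_missing "$@")
    if [ -n "$missing" ]; then
        echo "missing under $jail:" $missing >&2
        return 1
    fi
    echo "ok: /proc/net/dev in $jail is $(jail_proc_kind "$jail")"
}

if [ "$#" -gt 0 ]; then jail_preflight "$@"; fi
```

Run it as `sh script.sh /chroot/dhcpd proc/net/dev` for a build without DHCPv6, where the first message reports that /proc/net/dev alone is enough.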




