From: SourceForge.net <no...@so...> - 2005-08-30 14:23:34
|
Bugs item #1276666, was opened at 2005-08-30 10:23
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1276666&group_id=11118

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: unix-specific
Group: version 3.0
Status: Open
Resolution: None
Priority: 5
Submitted By: Stephen Gildea (gildea)
Assigned to: Nobody/Anonymous (nobody)
Summary: load resolver files before chroot (patch)

Initial Comment:
Privoxy's support for chroot is good, but here is a patch to make it even easier to use.

The first time a process does host-name resolution, many implementations of gethostbyname() read files from /etc and load shared libraries from /lib. Since the first time privoxy calls gethostbyname() is after the chroot(), all these files need to be copied into the chroot tree.

However, copying these files can be avoided if we have privoxy do one gethostbyname() before the chroot(). Then privoxy can use the copies in the real /etc and /lib. The following patch does this.

The patch also adds a "--chroot-hostname" command line option to control the hostname resolved. This allows for performance optimization; it is not necessary to use this option to improve your chroot experience.

Having this patch may have helped the user who reported tracker item 888377.

I note that the author of the original chroot patch wanted to add a tzset() call before the chroot, but it never happened. I see this need, too, and my patch also adds a tzset call. This causes /etc/localtime to be read before the chroot.

I have the Debian 3.0.3-4 package, and these diffs are against that. I looked for your CVS sources but couldn't find the branch the Debian package is based on.

< Stephen

--- privoxy-3.0.3/jcc.c 2005-08-28 21:45:03 -0700 +++ jcc.c 2005-08-29 12:28:47 -0700 
@@ -1762,7 +1762,7 @@ void usage(const char *myname) #if !defined(unix) "Usage: %s [--help] [--version] [configfile]\n" #else - "Usage: %s [--help] [--version] [--no-daemon] [--pidfile pidfile] [--user user[.group]] [configfile]\n" + "Usage: %s [--help] [--version] [--no-daemon] [--pidfile pidfile] [--chroot-hostname hostname] [--chroot] [--user user[.group]] [configfile]\n" #endif "Aborting.\n", myname); @@ -1806,6 +1806,7 @@ int main(int argc, const char *argv[]) struct group *grp = NULL; char *p; int do_chroot = 0; + char *chroot_hostname_to_load_resolver = NULL; #endif Argc = argc; @@ -1869,6 +1870,23 @@ int main(int argc, const char *argv[]) if (p != NULL) *--p = '\0'; } + else if (strcmp(argv[argc_pos], "--chroot-hostname" ) == 0) + { + /* + * For fastest startup speed, a good value for the chroot + * hostname lookup is a host name that is not in /etc/hosts + * but that your local name server (listed in + * /etc/resolv.conf) can resolve without recursion (that is, + * without having to ask any other name servers). + * The hostname need not exist, but if it doesn't, an error + * message (which can be ignored) will be output. + * If not set, a default is used. If set to the empty string, + * the extra lookup is skipped. + */ + if (++argc_pos == argc) usage(argv[0]); + chroot_hostname_to_load_resolver = strdup(argv[argc_pos]); + } + else if (strcmp(argv[argc_pos], "--chroot" ) == 0) { do_chroot = 1; 
@@ -2060,6 +2078,25 @@ int main(int argc, const char *argv[]) { log_error(LOG_LEVEL_FATAL, "Home directory for %s undefined", pw->pw_name); } + /* Read the time zone file from /etc before doing chroot. */ + tzset(); + if (NULL == chroot_hostname_to_load_resolver) + { + /* default to a hostname not likely to be in /etc/hosts */ + chroot_hostname_to_load_resolver = strdup("."); + } + if (NULL != chroot_hostname_to_load_resolver + && '\0' != chroot_hostname_to_load_resolver[0]) + { + /* + * On some systems, initializing the resolver library + * involves reading config files from /etc and/or loading + * additional shared libraries from /lib, so we do one + * hostname lookup before the chroot to reduce the number + * of files that must be copied into the chroot tree. + */ + (void) resolve_hostname_to_ip(chroot_hostname_to_load_resolver); + } if (chroot(pw->pw_dir) < 0) { log_error(LOG_LEVEL_FATAL, "Cannot chroot to %s", pw->pw_dir); ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=111118&aid=1276666&group_id=11118 |
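
Review bot: in the usage() hunk (@@ -1762,7), the new string adds [--chroot] as well as [--chroot-hostname hostname]; the old string did not list --chroot at all, so this is a separate documentation fix that the description should mention. The usage text also gives no hint that --chroot-hostname only matters together with --chroot, or that an empty value skips the lookup. The diff touches only jcc.c, so that behaviour is documented solely in a code comment. Consider writing the synopsis as [--chroot [--chroot-hostname hostname]] and adding the option to the user documentation.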
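
Review bot: in the --chroot-hostname branch (@@ -1869,6), the result of strdup(argv[argc_pos]) is not checked. If it returns NULL the option is silently dropped and the later block substitutes the default "." instead of the name the user asked for. argv stays valid for the life of main(), so the copy is not needed: declare chroot_hostname_to_load_resolver as const char * and assign argv[argc_pos] directly. The option is also accepted when --chroot is absent, although the value is only consumed right before the chroot() call; a warning in that case would save users from thinking it did something.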
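
Review bot: in the pre-chroot block (@@ -2060,6), the default lookup name "." is justified only as "not likely to be in /etc/hosts"; nothing in the patch shows that resolving it drives the resolver through the config reads and library loads the warm-up is meant to trigger, and the option comment concedes that a failed lookup prints an error, so a default that fails would log an error on every chroot start. Please state which resolver implementations this was tested against, and either log the warm-up failure at a lower level or make the message say it is harmless. Two further points on the same block: resolve_hostname_to_ip() is a blocking call made outside the jail with whatever privileges the process still holds at that point, so an unreachable name server delays startup and the comment should say the pre-chroot placement is deliberate; and the NULL != test after strdup(".") quietly skips the warm-up on allocation failure while the string is never freed, both of which go away if the default is a string literal held in a const char *.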