Re: [mod-security-users] SecChrootDir problem
From: Ivan R. <iva...@gm...> - 2008-01-22 12:41:24
It's annoying all right but there's nothing we can do about it: the main process must be jailed because the child processes are forked from it. Provided the jail is configured correctly (e.g. you get the filesystem permissions right -- everything owned by root, no write permissions for other accounts -- and you do not launch root processes in the jail) I think you should be safe including the binaries in the jail.

On Jan 21, 2008 2:47 PM, Nick Gearls <nic...@gm...> wrote:
> Hello,
>
> I configured Apache to work in jail with SecChrootDir, and it works
> well, except for one (very annoying) point:
> when doing a graceful shutdown, Apache tries to access httpd.conf, and
> modules/.so defined in httpd.conf, so everything it needs to start.
> Note that it does not require them when starting, only when restarting.
> Shouldn't this behaviour be corrected? The goal is to start listening
> processes in the jail, but not this new process that will become the
> master process, no?
> This probably requires a slight change in the logic, but it would really
> be worth it: you only would need "htdocs" & "logs" directories in the jail;
> quite safe I guess.
>
> Thanks,
>
> Nick

--
Ivan Ristic
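
The filesystem conditions named in the reply above (everything in the jail owned by root, no write permission for other accounts) can be checked mechanically. The following is an added example, not part of the original thread or of ModSecurity; the function name `audit_jail`, its optional owner-UID argument and the jail path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a chroot jail tree for
# the two conditions named in the reply: root ownership and no write access
# for other accounts.
#
# audit_jail JAIL_DIR [OWNER_UID]
#   Prints one line per offending path; returns 0 if clean, 1 if not,
#   2 if JAIL_DIR is not a directory.
#   OWNER_UID is a hypothetical convenience parameter (default 0, root) so
#   the check can be tried on a scratch tree without being root.
audit_jail() {
    jail=$1
    owner=${2:-0}
    [ -d "$jail" ] || { echo "not a directory: $jail" >&2; return 2; }

    findings=$(
        # Anything not owned by the expected account (symlinks included).
        find "$jail" ! -user "$owner" -exec printf 'OWNER %s\n' {} +
        # Anything group- or world-writable. Symlinks are skipped here
        # because their own mode bits are not what the kernel enforces.
        find "$jail" ! -type l \( -perm -020 -o -perm -002 \) \
            -exec printf 'WRITABLE %s\n' {} +
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Usage: audit_jail /path/to/jail   (path is a placeholder)
```

Run it against the directory given to SecChrootDir before each restart; a non-zero return means at least one path in the jail fails the ownership or write-permission condition.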