Is there a way to use the SecChrootDir directive to chroot the web
instances, and still be able to send a HUP?
When I do this I get the following error:
mod_security: chroot successful, path=/chroot/ SecChrootDir: failed to
chdir to "/chroot/", errno=2(No such file or directory)
This makes sense, as the processes are told to re-read their config
which includes the SecChrootDir directive, so try to chroot, but the
chroot is obviously outside the gaol, so they can not see it, and the
processes all die.
mod_security v 1.9.1
From: Ivan Ristic <ivan.ristic@gm...> - 2006-09-15 14:50:07
On 9/12/06, scouser@... <scouser@...> wrote:
> Is there a way to use the SecChrootDir directive to chroot the web
> instances, and still be able to send a HUP?
You should be able to do that but only if the configuration files are
inside the jail too. That shouldn't be much of a risk assuming the
file permissions are correct (e.g. the Apache user cannot change the
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall