Re: [mod-security-users] Update to manual for SecChrootDir
From: Brian R. <bre...@gm...> - 2010-08-02 21:34:15
On Thu, Jul 29, 2010 at 3:30 PM, David Fletcher <Da...@me...> wrote:
> I was looking at the documentation today for the first time in ages, and
> noticed the entry for SecChrootDir makes this feature look a lot less
> useful than it is.
>
> There's a list of 3 things which are likely to cause problems, but no
> hints about the fixes. Could the hints be added to help people use this
> feature?
>
> 1) DNS lookups do not work (this is because this feature requires a
> shared library that is loaded on demand, after chroot takes place).
> Solution: place copies of the required libraries within the chroot, this
> is likely to include libnss_dns, libnss_files, libresolv.
>
> 2) You cannot send email from PHP because it uses sendmail and sendmail
> is outside the jail.
> Solution: Run a local mailserver, and get PHP to connect to it via a
> network port.
>
> Regards,
>
> David.
>

Actually, what it should say is *deprecated* :) You should instead use the native support in 2.2.10 and later versions...

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#chrootdir

-B
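
Added example, not part of the thread and not ModSecurity or Apache code: a shell check that reports which of the on-demand resolver libraries named in item 1 are absent from a chroot directory, so the DNS failure can be caught before the jail goes live. The function names and the list of library directories are assumptions; adjust the directories to the distribution's layout.

```shell
#!/bin/sh
# Added example: find resolver libraries missing from a chroot.
# Library names are the ones listed in the thread; LIB_DIRS is an
# assumed set of common locations, relative to the chroot root.
# Usage (hypothetical path):  . ./nsscheck.sh; missing_nss_libs /chroot/apache

NSS_LIBS="libnss_dns libnss_files libresolv"
LIB_DIRS="lib lib64 usr/lib usr/lib64 lib/x86_64-linux-gnu usr/lib/x86_64-linux-gnu"

# has_lib CHROOT NAME
# Returns 0 if CHROOT holds NAME.so or a versioned NAME.so.N in any lib dir.
has_lib() {
    for d in $LIB_DIRS; do
        for f in "$1/$d/$2".so "$1/$d/$2".so.*; do
            # An unmatched glob stays literal and fails the -e test.
            [ -e "$f" ] && return 0
        done
    done
    return 1
}

# missing_nss_libs CHROOT
# Prints the missing library names on one line, space-separated.
# Returns 0 when nothing is missing, 1 otherwise.
missing_nss_libs() {
    missing=""
    for lib in $NSS_LIBS; do
        has_lib "$1" "$lib" || missing="${missing:+$missing }$lib"
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}
```

The same check applies when the jail is set up with the native ChrootDir directive instead of SecChrootDir.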