[mod-security-users] mod_security, apache2 and chroot -> help
From: Astarna <ma...@as...> - 2005-01-14 07:36:12
Hello,

I'm having some major problems getting chroot to work properly with mod_security.. hoping someone will be able to help.

Currently, I'm trying to get chroot to fall into /var/chroot/apache. My apache version is apache-2.0.52-r1 and using mod_security-1.8.6.

I've created the following directories within the chroot jail:

    /var/chroot/apache/var/run
    /var/chroot/apache/var/www
    /var/chroot/apache/usr/lib/apache2

I've moved my apache files (/usr/lib/apache2) to /var/chroot/apache/usr/lib/apache2. I've created a symlink in /usr/lib/apache2 to point to /var/chroot/apache/usr/lib/apache2, based off of this link:

http://sourceforge.net/mailarchive/forum.php?thread_id=5863509&forum_id=33492

I've edited the conf with this value for jail:

    SecChrootDir /var/chroot/apache

I've edited the /etc/apache2.conf with the following values:

    ServerRoot /var/chroot/apache/usr/lib/apache2
    DocumentRoot /var/chroot/apache/var/www/localhost/htdocs
    LoadModule security_module extramodules/mod_security.so

(this is at the top of the module stack)

Apache starts fine.. drops the pid in /var/chroot/apache/var/run/apache2.pid, but when I try to navigate to the webroot.. I constantly get a 403 forbidden error. Viewing the error logs (/var/log/apache2/error_log), I get this:

    [Thu Jan 13 17:20:01 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
    [Thu Jan 13 17:20:01 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
    [Thu Jan 13 17:20:02 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot
    [Thu Jan 13 17:20:02 2005] [error] [client 10.1.5.5] client denied by server configuration: /var/chroot

I've copied /var/www to /var/chroot/apache/var/www. I'm not sure why it wants to only go to /var/chroot????

Any help is greatly appreciated!!!

thanks
hanji