Date: Wed, 20 Jan 2016 08:27:07 +0000 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: resolver not working in a chroot Message-ID: <569F44DB.4080406@FreeBSD.org> In-Reply-To: <569eeb77.GFz8dwXgj3CL44SN%perryh@pluto.rain.com> References: <569e05b6.2RStkLc7SZIg/dVM%perryh@pluto.rain.com> <569E12B2.5090302@freebsd.org> <569eeb77.GFz8dwXgj3CL44SN%perryh@pluto.rain.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --JMquF8p7c446sEOu6N82PA16SI3C13G5R Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 20/01/2016 02:05, Perry Hutchison wrote: > Matthew Seaman <matthew@freebsd.org> wrote: >> On 01/19/16 09:45, Perry Hutchison wrote: >>> The resolver is not working in a chroot (to the 10.2 memstick image, >>> with its /tmp, /var/run, and /var/tmp made writable by mounting tmpfs= >>> on them): >>> # chroot -u 0 -g 0 -G 105,0,5,20,25 /mnt ping pkg.FreeBSD.org >>> ping: cannot resolve pkg.FreeBSD.org: Host name lookup failure >>> but it works when not in a chroot: >>> # ping pkg.FreeBSD.org >>> PING pkg.FreeBSD.org (96.47.72.71): 56 data bytes >>> 64 bytes from 96.47.72.71: icmp_seq=3D0 ttl=3D51 time=3D97.329 ms >>> ... >>> What would cause this? >> >> You've mounted the 10.2 memstick image on /mnt? >=20 > Yes. >=20 >> Do you have a devfs mounted inside the chroot? Try running: >> >> # mount -t devfs devfs /mnt/dev >> >> and then try your chroot'ed command again. Interesting to see >> if that helps. >=20 > The mount command worked -- there's now a devfs in the chroot > environment -- but it didn't help. I still get the same error. > I also tried running "mount -t devfs devfs /dev" in the chroot > (after unmounting /mnt/dev), and that didn't help either. >=20 > There must be some difference in the lookup mechanisms between > the resolver and host(1), since host(1) works in the chroot. Yes. host(1) uses only the DNS, whereas the general resolver functions can use all sorts of resolution mechanisms -- see nsswitch.conf(5). In order to track down exactly what the problem is I'd be running that ping command under truss(1) to try and spot what the failure is. That's not guaranteed to work, nor is it generally completely obvious from the truss output what the trouble may be. My guess though is that something is read-only which the system expects to be read-write. Cheers, Matthew --JMquF8p7c446sEOu6N82PA16SI3C13G5R Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQJ8BAEBCgBmBQJWn0TbXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATjVsP/jSqih4q+pSe4p8UsE962vyF 4/eKRuVU37i3JuFb3eSBSX4I+1C4A5KBJc8zr7xcOZf8xLZ2kWP78ByGe09Pr4k/ C8Fh5gPJVy8/Hex3xx2fkRisBxyPQHzNdYgv1qzDr4GD212byoZOc8FGalheK9Fv 7y1qrSSMQ9WtYIDYXtlunR0OT81DFI6Z4hD6CvrHa2XzaIwst6WZ9LUaB98Y+96E Gmn9pEvK7Pbormcr29MMcpc+zMSoRhmXTXmyqUCgSRP+oKKqd/3TvtcLvxM8j+at UIJsiD8IdcCOZcRXvrETwMYIzaUFJ4wD7adUmeQf5Ht3gElLOzjfIs88WDTLuDvI hNYwFKuVEmBG76RWOEC0S0u1j9RlN+gp5rf14d+JHoFfAnoA1eQmxOu1Rm9g6N6c wQF0tQpq9znbLJSKKrO4wOGIuRX9M3FHs5sYk8LruOOJZIjPSzErZuHPHu9Hykw7 gaFlPopGZX+688w2mf2cmqYwy6dl3ij4laTfa6xpW2mTIj6cq/Jzo3w4Xz0HwFUf Pq8D5vpHV10TJMYB7HcbXZNw3KeWkuvIJSzmJP2f1uFjfparkpEWQQaaWZDJDOfO 4YyQwAXGLqV8n8qkfcWpQMCbqEgUs5AfhFRDSR5itjUhue5MfW6JuWk9RumtmUz/ /jREtzm/gyeDNmCaMIHS =t3wf -----END PGP SIGNATURE----- --JMquF8p7c446sEOu6N82PA16SI3C13G5R--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?569F44DB.4080406>