Date: Wed, 22 Sep 1999 15:07:13 +0200 From: Graham Wheeler <gram@cequrux.com> To: hackers@freebsd.org Subject: Domain sockets and chroot Message-ID: <37E8D481.5A8C484A@cequrux.com>
next in thread | raw e-mail | index | archive | help
Hi all I have an interesting problem. I have two processes that need to communicate via a domain socket. One of the processes (the client) runs in a chrooted environment. The server creates a domain socket to listen for requests with the path /cage/tmp/server. The client runs chrooted in the /cage directory, and creates a domain socket /tmp/client.<pid>. It sends a request to the server with a sendto() specifying the socket address /tmp/server. The server received the request okay, but gets the sender socket address /tmp/client.<pid> ; i.e. it is the chrooted view of the client socket. If it tries to send back a response, it fails (no such file or directory). I have tried having the server prepend /cage to the client socket address before sending the response, but this has made no difference, even though (in the non-chrooted view) /cage/tmp/client.<pid> clearly does exist. Does anyone have an idea why prepending /cage doesn't work, and how I can solve this? And is this arguably a bug with chroot()/recvfrom()? TIA gram -- Dr Graham Wheeler E-mail: gram@cequrux.com Cequrux Technologies Phone: +27(21)423-6065/6/7 Firewalls/Virtual Private Networks Fax: +27(21)24-3656 Data/Network Security Specialists WWW: http://www.cequrux.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37E8D481.5A8C484A>