Your message dated Tue, 23 Feb 2010 00:33:06 +0000
with message-id <[email protected]>
and subject line Bug#171842: fixed in makejail 0.0.5-8
has caused the Debian Bug report #171842,
regarding Include doc and config files to set up chrooted Apache
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
171842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=171842
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: makejail
Version: 0.0.4-1
Severity: wishlist
Could you include more documentation explaining how to chroot common
servers with makejail? Example: Apache. This could include a more complete
/etc/makejail/apache config file, a custom /etc/init.d/apache startup file,
and possibly a script to automate setting up a chrooted Apache on a Debian
system.
I enclosed two example config files, which are known to work on my system.
Also, I am writing up a howto that explains how to set up a chrooted Apache
with makejail. If you are interested, I can send you a link when the howto
is available in English.
Last, I started toying with a Python script to automate setting up a
chrooted Apache daemon. If you are interested, I can send it to you when
ready for possible inclusion or reuse.
--
http://www.gabuzomeu.net/alex/
chroot="/var/chroot/apache"
#testCommandsInsideJail=["/usr/sbin/apachectl start"]
testCommandsInsideJail=["start-stop-daemon --start --pidfile /var/run/apache.pid --exec /usr/sbin/apache"]
processNames=["apache"]
# Eventually append here the commands which access some services
# such as cgi or php scripts, database access, ...
testCommandsOutsideJail=["wget -r --spider http://localhost/",
"lynx --source https://localhost/"]
# Files that should not be deleted when the jail
# is cleaned.
preserve=["/var/www",
"/var/log/apache",
"/dev/log"]
users=["chrapach"]
groups=["chrapach"]
packages=["apache", "apache-common"]
userFiles=["/etc/passwd",
"/etc/shadow"]
groupFiles=["/etc/group",
"/etc/gshadow"]
forceCopy=["/etc/hosts",
"/etc/mime.types"]
# launch makejail
#
# copy the documents and the logs to the jail
# cp -Rp /var/www /var/chroot/apache/var
# cp -Rp /var/log/apache/*.log /var/chroot/apache/var/log/apache
#
# configure syslog to also listen to the socket /var/chroot/apache/dev/log,
# restart sysklogd
#
# In the startup script /etc/init.d/apache, just change the paths
# of variables used from outside the jail:
# APACHECTL="chroot /var/chroot/apache /usr/sbin/apachectl" (remove the line
# which tests -f $APACHECTL)
# PIDFILE=/var/chroot/apache/var/run/$NAME.pid
# CONF=/var/chroot/apache/etc/apache/httpd.conf
#
# handle /proc in the script (mount when it starts, unmount when it stops):
# chroot /var/chroot/apache /bin/mount /proc
#
# apache can fail starting though apachectl doesn't fail, see error.log in the
# chroot
#
# tested successfully with apache 1.3.22 on Debian woody
# (also with php4, mysql and a search engine)
# OpenBSD
#processNames=["httpd"]
#users=["nobody"]
#groups=["nogroup","www"]
#! /bin/bash
#
# apache Start the apache HTTP server.
#
CHRDIR=/var/chroot/apache
NAME=apache
PATH=/bin:/usr/bin:/sbin:/usr/sbin
DAEMON=/usr/sbin/apache
SUEXEC=/usr/lib/apache/suexec
PIDFILE=/var/run/$NAME.pid
CONF=/etc/apache/httpd.conf
APACHECTL=/usr/sbin/apachectl
trap "" 1
export LANG=C
export PATH
test -f $DAEMON || exit 0
test -f $APACHECTL || exit 0
# ensure we don't leak environment vars into apachectl
APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
if egrep -q -i "^[[:space:]]*ServerType[[:space:]]+inet" $CONF
then
    exit 0
fi
case "$1" in
  start)
    echo -n "Starting web server: $NAME"
    mount -t proc proc /var/chroot/apache/proc
    start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON \
        --chroot $CHRDIR
    ;;
  stop)
    echo -n "Stopping web server: $NAME"
    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" --oknodo
    umount /var/chroot/apache/proc
    ;;
  reload)
    echo -n "Reloading $NAME configuration"
    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" \
        --signal USR1 --startas $DAEMON --chroot $CHRDIR
    ;;
  reload-modules)
    echo -n "Reloading $NAME modules"
    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" --oknodo \
        --retry 30
    start-stop-daemon --start --pidfile $PIDFILE \
        --exec $DAEMON --chroot $CHRDIR
    ;;
  restart)
    $0 reload-modules
    exit $?
    ;;
  force-reload)
    $0 reload-modules
    exit $?
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}"
    exit 1
    ;;
esac
if [ $? == 0 ]; then
    echo .
    exit 0
else
    echo failed
    exit 1
fi
--- End Message ---
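
A pre-start audit of the jail that the configuration notes in the report above imply (account filtering through users/userFiles, the preserve paths, the /dev/log socket). This is an added example, not part of the original bug report or of makejail; the function names audit_jail and note are hypothetical, and the jail path and user name are the ones from the reported config.

```sh
#!/bin/sh
# Added example: pre-start audit of a makejail-built Apache jail.
# audit_jail and note are hypothetical names; paths follow the reported config.

# Prints one line per finding and returns the number of findings.
audit_jail() {
    jail=$1; user=$2; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # makejail filters userFiles down to users=[...]; nothing else should remain.
    if [ -f "$jail/etc/passwd" ]; then
        extra=$(cut -d: -f1 "$jail/etc/passwd" | grep -Fxv "$user" | tr '\n' ' ')
        if [ -n "$extra" ]; then note "extra accounts in jail passwd: $extra"; fi
        if ! grep -q "^$user:" "$jail/etc/passwd"; then
            note "$user missing from jail passwd"
        fi
    else
        note "jail has no etc/passwd"
    fi

    # A shell inside the jail widens what a compromised daemon can do.
    for s in bin/sh bin/bash; do
        if [ -e "$jail/$s" ]; then note "shell present in jail: /$s"; fi
    done

    # Setuid files (suexec, for example) should be there on purpose only.
    suid=$(find "$jail" -xdev -type f -perm -4000 2>/dev/null | tr '\n' ' ')
    if [ -n "$suid" ]; then note "setuid files: $suid"; fi

    # Paths listed under preserve=[...] must exist before Apache starts.
    for d in var/www var/log/apache; do
        if [ ! -d "$jail/$d" ]; then note "missing directory: /$d"; fi
    done
    if [ ! -S "$jail/dev/log" ]; then
        note "no syslog socket at /dev/log (syslogd not listening in jail)"
    fi

    return "$findings"
}

# Stand-alone use: sh audit.sh /var/chroot/apache chrapach
if [ $# -ge 2 ]; then
    audit_jail "$1" "$2"
    exit $?
fi
```

The return value is the number of findings, so a wrapper such as the init script can refuse to start the daemon when it is non-zero.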
--- Begin Message ---
Source: makejail
Source-Version: 0.0.5-8
We believe that the bug you reported is fixed in the latest version of
makejail, which is due to be installed in the Debian FTP archive:
makejail_0.0.5-8.diff.gz
to main/m/makejail/makejail_0.0.5-8.diff.gz
makejail_0.0.5-8.dsc
to main/m/makejail/makejail_0.0.5-8.dsc
makejail_0.0.5-8_all.deb
to main/m/makejail/makejail_0.0.5-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[email protected]> (supplier of updated
makejail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 23 Feb 2010 00:51:25 +0100
Source: makejail
Binary: makejail
Architecture: source all
Version: 0.0.5-8
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <[email protected]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[email protected]>
Description:
makejail - Automatically create chroot jails for programs
Closes: 171842 193087 310781 392773 495112 495116 495118 495118 495147 495277
570607
Changes:
makejail (0.0.5-8) unstable; urgency=low
.
[ Changes by Florian Grandel <[email protected]> ]
* Makejail default configuration now in /etc/makejail/makejail.conf
There is no conflict now with the /etc/makejail/ directory
and it is possible for the administrator to set defaults (Closes: #495112)
* Changed default for straceCommand/straceCommandPid to include child
threads (strace -ff)
* Changed default for doNotCopy for security reasons (added /proc)
* cleanJailFirst default now correctly documented, manual page now indicates
* that the default value for cleanJailFirst is
0 and not 1 (Closes: #495118) (closes: #495118)
* should now preserve POSIX attributes (closes: #310781), still
does not preserve ext2/ext3 attributes however
* now copies directory as a result of chdir by introducing additional
patterns to be processed in the strace (closes: #392773)
* now chowns copied files (closes: #495147)
* now correctly handles strace -ff (closes: #495277)
* fixes several lintian warnings
* updated policy version
* debian/rules: now builds the documentation (should not be included in
source)
.
[ Changes by Javier Fernandez-Sanguino ]
* Use debhelper compatibility version 5
* Check if /sbin/ldconfig.real exists (Ubuntu systems) and set
pathToLdConfig to /sbin/ldconfig.real to avoid
introducing bash in all jails. (LP: #263614, closes: #495116)
* Review documentation to fix a widespread typo in makejail
(librairies->libraries)
* Remove ISO-8859-1 encoding in examples/sshd.py as it prevented
it from being loaded in newer python versions due to issues
in encoding.
* Include the pam.d/common-* files in the example for sshd.
* Provides a more descriptive message if the target chroot directory does
not exist (Closes: #193087, #570607)
* Added Alexandre Ratti's documentation on how to set up a chrooted Apache
with makejail, credit him in debian/copyright and distribute the files
under the examples/ directory adjusting also the apache.py file.
(Closes: #171842)
* Add the Homepage location to debian/control as a pseudo-header
* Highlight in the manpage that the package is heavily patched
--- End Message ---