On Friday 20 October 2006 22:40, Mathieu CARBONNEAUX wrote: > i'm searching about to ameliorate chroot funciton of "mod_chroot" and > "mod_security" module to be working normaly with apache reload. > > the probleme is that the chroot occure in apache main processes who control > child forking... and not in the start of the child (after the fork)... > > because of that the chroot are permanante... and the apache main process > canot be abel to reload configuration file that are outside of the > chroot... > > my first idea is to make chroot in child_init hook in place of > post_config... but...they dont work... and when have analysed the apache > code have found why no working: > > the child_init hook occure after the setuid (unixd_setup_child) and after > that is not possible to make chroot beceause at this point dont have the > nessery right to do that... > > my question is how to make possible root action in child init phase? > > displacing the hook before "unixd_setup_child" ? but what is the impact of > this ? > > adding a other hook placed before "unixd_setup_child" ? > > i'm interested of idea to resolve this!
In the main apache:
d=open("/", O_RDONLY); chroot("/new/root");
At reload time:
fchdir(d); chroot("."); do_reload(); chroot("/new/root");
At child_init:
close(d);
Torsten
pgphFifWHeSEA.pgp
Description: PGP signature
