Wow. Surprised you got that far. The chroot feature of mod_wsgi pretty well has no documentation. At best there might be some comments about it buried in the release notes somewhere.
Before we try and sort out the issue, I might say that the better way of trying to isolate an application these days would be to use Docker. I realise this means learning a bit about how to install and manage Docker, but as far as running Apache/mod_wsgi under Docker, the experience is much much better as I provide a prebuilt Docker image for doing it. This Docker image is something I don't think I have mentioned here on the mod_wsgi mailing list as it has only been out there for a week or so. I have recently started blogging about it and have two posts up about it: Hosting Python WSGI applications using Docker. Deferred build actions for Docker images. The actual Docker Hub entry is: https://registry.hub.docker.com/u/grahamdumpleton/mod-wsgi-docker/ Anyway, for chroot, can you confirm a few things. First is whether the Python version outside of the chroot is the default operating system Python installation for 2.7 and that the mod_wsgi is also the operating system binary package also. Double check what version of Python mod_wsgi is installed for. I would imagine it should be Python 2.7, but want to make sure isn't 2.6. http://code.google.com/p/modwsgi/wiki/CheckingYourInstallation#Python_Installation_In_Use Now inside of the chroot, did you also use the default operating system Python installation for 2.7. Inside of the chroot, run the 'python' command line and see if datetime can imported. $ python Python 2.7.2 (default, Oct 11 2012, 20:14:37) [GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import datetime >>> datetime.__file__ '/Users/graham/Python/docker/lib/python2.7/lib-dynload/datetime.so' Graham On 11/12/2014, at 11:54 AM, Jennifer Mehl <[email protected]> wrote: > Hello, > > I'm new to mod_wsgi (and I am not a programmer, so please bear with me). I > have a Django/Python application that was written by someone else that I have > deployed using mod_wsgi 3.4 on Ubuntu 14.04LTS with Apache 2.4.7, using the > following in my apache config: > > #Django WSGI > > WSGIScriptAlias / /var/www/transfergateway/myproject/wsgi.py > > WSGIPythonPath /var/www/transfergateway > > <VirtualHost *:443> > > ServerName *redacted* > > <Directory /var/www/transfergateway> > > <Files wsgi.py> > > Order deny,allow > > Allow from all > > </Files> > > </Directory> > > The application is running fine using mod_wsgi and apache. > > However, I want to make this application more secure, so I would like to have > mod_wsgi run in a chroot jail. I created a chroot jail using the > instructions here: https://help.ubuntu.com/community/BasicChroot and copied > the application into /var/chroot/var/www/transfergateway . Then, in the > chroot, I installed python2.7 and used pip install to install the python > packages used in the project (as far as I can tell). > > I have created a new Apache config: > > #test chroot jail for Django WSGI > > WSGISocketPrefix /var/run/wsgi > > <VirtualHost *:443> > > ServerName *redacted* > > WSGIScriptAlias / /var/chroot/var/www/transfergateway/myproject/wsgi.py > > WSGIProcessGroup chroot > > WSGIDaemonProcess chroot user=daemon group=daemon processes=2 threads=25 > chroot=/var/chroot > > <Directory /var/chroot/var/www/transfergateway/myproject/> > > <Files wsgi.py> > > Order deny,allow > > Allow from all > > </Files> > > </Directory> > > > > But I am getting the following errors in the Apache error log upon startup: > > > Target WSGI script '/var/www/transfergateway/myproject/wsgi.py' cannot be > loaded as Python module. > > Exception occurred processing WSGI script > '/var/www/transfergateway/myproject/wsgi.py'. > > Traceback (most recent call last): > > File "/var/www/transfergateway/myproject/wsgi.py", line 29, in <module> > > from django.core.wsgi import get_wsgi_application > > File "/usr/local/lib/python2.7/dist-packages/django/core/wsgi.py", line 1, in > <module> > > from django.core.handlers.wsgi import WSGIHandler > > File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/wsgi.py", > line 9, in <module> > > from django import http > > File "/usr/local/lib/python2.7/dist-packages/django/http/__init__.py", line > 1, in <module> > > from django.http.cookie import SimpleCookie, parse_cookie > > File "/usr/local/lib/python2.7/dist-packages/django/http/cookie.py", line 3, > in <module> > > from django.utils.encoding import force_str > > File "/usr/local/lib/python2.7/dist-packages/django/utils/encoding.py", line > 4, in <module> > > import datetime > > > ImportError: No module named datetime > > > > I appreciate any advice on what I am doing wrong here. Do I have my chroot > set up properly? Do I need to do anything with permissions on /var/chroot or > /var/chroot/var/www/transfergateway? Do I need to run mod_wsgi as a > different user than daemon? > > > > thanks in advance for any help! > > --Jennifer > > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/modwsgi. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
