In my experience, segfaults in poundctl are almost always caused by the binary for poundctl and pound being compiled from different versions or architectures… Internally the protocol is basically a binary representation of the memory used in pound… So if you use a 32bit poundctl with a 64bin pound, or poundctl from a different version, it’s very likely the internal structures don’t match and badness will ensue.
See other comments inline. Joe From: Joakim Dellrud [mailto:[email protected]] Sent: Wednesday, April 20, 2011 10:57 AM To: [email protected] Subject: [Pound Mailing List] Trouble with Poundctl and segfaults Hello! I have some random and some unrandom questions about Pound. First of all how do you acctually create a working chrootjail for it? I did some work in the area and found this out: Install pound in some way (yum install pound, apt-get install pound etc). Create the folder for the chrootjail: mkdir /var/pound/ Create a structure for pound to work within: mkdir /var/pound/etc/ mkdir /var/pound/dev/ mkdir /var/pound/log/ mkdir /var/pound/lib/ Then copy the libs needed (it is here I'm not sure!) cp /lib/libgcc_s* /var/pound/lib cp /lib/libnss_dns* /var/pound/lib I’d do /lib/libnss_*, also libresolv* Create the following devices (I'm not sure on the "log" device) mknod -m 0644 /var/pound/dev/random c 1 8 mknod -m 0644 /var/pound/dev/urandom c 1 9 mknod -m 0666 /var/pound/dev/null c 1 3 For /dev/log, you want to tell your syslogd to create an additional socket… syslogd –a /var/pound/dev/log, an additional socket for syslog-ng, or $AddUnixListenSocket for rsyslogd. (from outside chroot) Move the default config mv /etc/pound.cfg /var/pound/etc ln -s /var/pound/etc/pound.cfg /etc/pound.cfg You probably want a rudimentary group and passwd file in /etc… Other files you’ll want: host.conf, hosts, ld.so.conf, localtime, nsswitch.conf, resolv.conf Optional create a foundation for some random stuff mkdir /var/pound/var touch /var/pound/var/err500.html touch /var/pound/var/err503.html touch /var/pound/var/err414.html edit the config RootJail /var/pound User "nobody" Group "nobody" Control "/var/pound/pound.ctl" LogFacility local1 LogLevel 0 TimeOut 60 Alive 10 DynScale 1 Once you’ve completed all that do a ldconfig –r /var/pound to update the ld.so.cache file. Be sure to change the file permissions so the pound user can only read, not write. You might also consider setting immutable bits on files the daemon will never change (which would be everything), using chattr. Now to some problems: Im getting segfaults when running poundctl poundctl -c /var/run/pound.ctl 0. http Listener 0.0.0.0:0<http://0.0.0.0:0> a 0. Service active (0) 0. Backend (UNKNOWN):0 active (0 0.000 sec) DEAD Segmentation fault The main pound works fine but the poundctl is giving me trouble. kernel: poundctl[14473]: segfault at 0000000000000000 rip 0000000000000000 rsp 00007fff6435dff0 error 14 What did I do wrong :D? Also is there a more comperhensive guide on howto create a chrootjail for pound? I think I did get it to work but there are no good reading in that area.
