Re: getaddrinfo(3) chroot(2) with root
Denis Fondras wrote: Hello all, I am burning my last neurons with a behavior I can't explain. I wonder why getaddrinfo() fails when called after chroot() with root user. I have this piece of code : ... error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); ... Apart from the other suggestions you got, I'm wandering why don't you try to get more information about the error using the gai_strerror(3) function ? (like in the example of getaddrinfo(3))
Re: getaddrinfo(3) chroot(2) with root
On Wed, May 14, 2014 at 07:41:47PM +0200, Denis Fondras wrote: After chroot, /etc/resolv.conf is no longer available. Thank you very much Ted Vadim. Other daemons like ntpd have a helper process that runs outside chroot and does all of the DNS resolution for them. Ok, I'll look on this side. Thank you, Denis A quick way to solve this (but an administrative headache) is to create etc/resolv.conf in your chroot. -Otto
getaddrinfo(3) chroot(2) with root
Hello all, I am burning my last neurons with a behavior I can't explain. I wonder why getaddrinfo() fails when called after chroot() with root user. I have this piece of code : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); chdir(/); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() succeed Everything is good. Now if I compile : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = 0 if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() failed If this an expected behavior, what would be the preferred way to resolve a name from a chrooted process ? I am extending OpenBGPd and I need to resolve domain names and connect to a service (no BGP protocol). I am currently using the session process to handle the connection part but I am stuck on name resolution for now. Thank you in advance, Denis
Re: getaddrinfo(3) chroot(2) with root
On 05/14/14 18:57, Denis Fondras wrote: Hello all, I am burning my last neurons with a behavior I can't explain. I wonder why getaddrinfo() fails when called after chroot() with root user. I have this piece of code : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); chdir(/); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() succeed Everything is good. Now if I compile : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = 0 if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() failed If this an expected behavior, what would be the preferred way to resolve a name from a chrooted process ? I am extending OpenBGPd and I need to resolve domain names and connect to a service (no BGP protocol). I am currently using the session process to handle the connection part but I am stuck on name resolution for now. Thank you in advance, Denis I wonder if you're using the wrong function. There is gethostbyname for forward lookups? Regards, -peter
Re: getaddrinfo(3) chroot(2) with root
On Wed, May 14, 2014 at 18:57, Denis Fondras wrote: Hello all, I am burning my last neurons with a behavior I can't explain. I wonder why getaddrinfo() fails when called after chroot() with root user. After chroot, /etc/resolv.conf is no longer available. If this an expected behavior, what would be the preferred way to resolve a name from a chrooted process ? I am extending OpenBGPd and I need to resolve domain names and connect to a service (no BGP protocol). I am currently using the session process to handle the connection part but I am stuck on name resolution for now. Other daemons like ntpd have a helper process that runs outside chroot and does all of the DNS resolution for them.
Re: getaddrinfo(3) chroot(2) with root
Le 14/05/2014 19:14, Peter J. Philipp a écrit : I wonder if you're using the wrong function. There is gethostbyname for forward lookups? I read it was deprecated. Denis
Re: getaddrinfo(3) chroot(2) with root
2014-05-14 20:57 GMT+04:00 Denis Fondras open...@ledeuns.net: Hello all, I am burning my last neurons with a behavior I can't explain. I wonder why getaddrinfo() fails when called after chroot() with root user. I have this piece of code : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); chdir(/); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() succeed Everything is good. Now if I compile : /*--- test.c ---*/ #include sys/types.h #include stdio.h #include sys/socket.h #include netdb.h #include pwd.h int main(int argc, char *argv[]) { struct addrinfo *ai_out; struct passwd *pw; int error; pw = getpwnam(_bgpd); error = 0 if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); chroot(pw-pw_dir); error = getaddrinfo(rpki.liopen.eu, NULL, NULL, ai_out); if (error) printf(getaddrinfo() failed\n); else printf(getaddrinfo() succeed\n); return 0; } /*--- test.c ---*/ $ ./a.out getaddrinfo() succeed getaddrinfo() succeed # ./a.out getaddrinfo() succeed getaddrinfo() failed If this an expected behavior, what would be the preferred way to resolve a name from a chrooted process ? I am extending OpenBGPd and I need to resolve domain names and connect to a service (no BGP protocol). I am currently using the session process to handle the connection part but I am stuck on name resolution for now. /etc/resolv.conf is read on the first attempt to resolve something, no? And, of course, you have no /your/chroot/path/etc/resolv.conf. -- WBR, Vadim Zhukov
Re: getaddrinfo(3) chroot(2) with root
After chroot, /etc/resolv.conf is no longer available. Thank you very much Ted Vadim. Other daemons like ntpd have a helper process that runs outside chroot and does all of the DNS resolution for them. Ok, I'll look on this side. Thank you, Denis