Re: getaddrinfo(3) chroot(2) with root

2014-05-15 Thread Remco
Denis Fondras wrote:

> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.
>
>
> I have this piece of code :
>
...
>  error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>  if (error)
>  	printf("getaddrinfo() failed\n");
>  else printf("getaddrinfo() succeed\n");
...

Apart from the other suggestions you got, I'm wondering why you don't try to
get more information about the error using the gai_strerror(3) function?
(like in the example of getaddrinfo(3))



Re: getaddrinfo(3) chroot(2) with root

2014-05-15 Thread Otto Moerbeek
On Wed, May 14, 2014 at 07:41:47PM +0200, Denis Fondras wrote:

> > After chroot, /etc/resolv.conf is no longer available.
> >
>
> Thank you very much Ted & Vadim.
>
> > Other daemons like ntpd have a helper process that runs outside chroot
> > and does all of the DNS resolution for them.
> >
>
> Ok, I'll look on this side.
>
> Thank you,
> Denis

A quick way to solve this (but an administrative headache) is to
create etc/resolv.conf in your chroot.

-Otto



getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Denis Fondras
Hello all,

I am burning my last neurons with a behavior I can't explain. I wonder
why getaddrinfo() fails when called after chroot() with root user.


I have this piece of code :

/*--- test.c ---*/
#include <sys/types.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <pwd.h>
#include <unistd.h>	/* chroot(2), chdir(2) */

int main(int argc, char *argv[])
{
	struct addrinfo *ai_out;
	struct passwd   *pw;
	int error;

	pw = getpwnam("_bgpd");

	/* first lookup, before chroot(2) */
	error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
	if (error)
		printf("getaddrinfo() failed\n");
	else printf("getaddrinfo() succeed\n");

	chroot(pw->pw_dir);
	chdir("/");

	/* second lookup, after chroot(2) */
	error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
	if (error)
		printf("getaddrinfo() failed\n");
	else printf("getaddrinfo() succeed\n");

	return 0;
}
/*--- test.c ---*/

$ ./a.out
getaddrinfo() succeed
getaddrinfo() succeed

# ./a.out
getaddrinfo() succeed
getaddrinfo() succeed




Everything is good. Now if I compile :

/*--- test.c ---*/
#include <sys/types.h>
#include <stdio.h>
#include <sys/socket.h>
#include <netdb.h>
#include <pwd.h>
#include <unistd.h>	/* chroot(2) */

int main(int argc, char *argv[])
{
	struct addrinfo *ai_out;
	struct passwd   *pw;
	int error;

	pw = getpwnam("_bgpd");

	/* no lookup before chroot(2) this time */
	error = 0;
	if (error)
		printf("getaddrinfo() failed\n");
	else printf("getaddrinfo() succeed\n");

	chroot(pw->pw_dir);

	/* first and only lookup, after chroot(2) */
	error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
	if (error)
		printf("getaddrinfo() failed\n");
	else printf("getaddrinfo() succeed\n");

	return 0;
}
/*--- test.c ---*/

$ ./a.out
getaddrinfo() succeed
getaddrinfo() succeed

# ./a.out
getaddrinfo() succeed
getaddrinfo() failed



If this is an expected behavior, what would be the preferred way to resolve
a name from a chrooted process ? I am extending OpenBGPd and I need to
resolve domain names and connect to a service (no BGP protocol). I am
currently using the session process to handle the connection part but
I am stuck on name resolution for now.

Thank you in advance,
Denis



Re: getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Peter J. Philipp
On 05/14/14 18:57, Denis Fondras wrote:
> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.
>
> If this is an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process ? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the session process to handle the connection part but
> I am stuck on name resolution for now.
>
> Thank you in advance,
> Denis
 

I wonder if you're using the wrong function.  There is gethostbyname for
forward lookups?

Regards,

-peter



Re: getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Ted Unangst
On Wed, May 14, 2014 at 18:57, Denis Fondras wrote:
> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.

After chroot, /etc/resolv.conf is no longer available.

> If this is an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process ? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the session process to handle the connection part but
> I am stuck on name resolution for now.

Other daemons like ntpd have a helper process that runs outside chroot
and does all of the DNS resolution for them.



Re: getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Denis Fondras
On 14/05/2014 19:14, Peter J. Philipp wrote:
>
> I wonder if you're using the wrong function.  There is gethostbyname for
> forward lookups?
>

I read it was deprecated.

Denis



Re: getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Vadim Zhukov
2014-05-14 20:57 GMT+04:00 Denis Fondras open...@ledeuns.net:
> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.


> If this is an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process ? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the session process to handle the connection part but
> I am stuck on name resolution for now.

/etc/resolv.conf is read on the first attempt to resolve something,
no? And, of course, you have no /your/chroot/path/etc/resolv.conf.

--
  WBR,
  Vadim Zhukov



Re: getaddrinfo(3) chroot(2) with root

2014-05-14 Thread Denis Fondras
> After chroot, /etc/resolv.conf is no longer available.
>

Thank you very much Ted & Vadim.

> Other daemons like ntpd have a helper process that runs outside chroot
> and does all of the DNS resolution for them.
>

Ok, I'll look on this side.

Thank you,
Denis
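
The helper-process approach suggested in this thread, sketched as an added example (not code from the thread, from ntpd or from OpenBGPd): the resolver is forked before chroot(2), so it still sees /etc/resolv.conf, and answers lookups over a socketpair. The dns_msg format and the names start_resolver and resolve_via_helper are assumptions made for this illustration.

```c
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct dns_msg {	/* fixed-size request/reply; format made up for this example */
	int  family;	/* request: AF_UNSPEC, AF_INET or AF_INET6 */
	int  error;	/* reply: 0 or an EAI_* code */
	char text[256];	/* request: host name; reply: numeric address */
};
/* Fork the resolver BEFORE chroot(2); returns the caller's socket or -1. */
int start_resolver(void)
{
	struct dns_msg m;
	int sv[2];
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	switch (fork()) {
	case -1:
		close(sv[0]); close(sv[1]);
		return -1;
	case 0:		/* helper: not chrooted, still sees the real /etc/resolv.conf */
		close(sv[0]);
		while (recv(sv[1], &m, sizeof(m), MSG_WAITALL) == (ssize_t)sizeof(m)) {
			struct addrinfo hints = { .ai_family = m.family }, *res;
			m.text[sizeof(m.text) - 1] = '\0';	/* do not trust the peer */
			if ((m.error = getaddrinfo(m.text, NULL, &hints, &res)) == 0) {
				m.error = getnameinfo(res->ai_addr, res->ai_addrlen, m.text, sizeof(m.text), NULL, 0, NI_NUMERICHOST);
				freeaddrinfo(res);
			}
			send(sv[1], &m, sizeof(m), 0);
		}
		_exit(0);	/* parent closed its end */
	}
	close(sv[1]);
	return sv[0];
}

/* Chrooted side: returns 0 or an EAI_* code suitable for gai_strerror(3). */
int resolve_via_helper(int fd, const char *host, int family, char *out, size_t len)
{
	struct dns_msg m = { .family = family };
	strncpy(m.text, host, sizeof(m.text) - 1);	/* m is zeroed, stays terminated */
	if (send(fd, &m, sizeof(m), 0) != (ssize_t)sizeof(m) ||
	    recv(fd, &m, sizeof(m), MSG_WAITALL) != (ssize_t)sizeof(m))
		return EAI_SYSTEM;	/* helper is gone */
	snprintf(out, len, "%s", m.error ? "" : m.text);
	return m.error;
}
```

Call start_resolver() first, then chroot(2) and drop privileges in the caller, and pass any nonzero result of resolve_via_helper() to gai_strerror(3). A production helper would also give up its own root privileges, since it only needs to read the resolver configuration and talk to the network.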