I'm trying to jail mediawiki on Linux by using the unshare support in uwsgi.

I want to set up the chroot in /srv/mediawiki, which has /app /var /proc
/dev directories. Mediawiki is installed from package in
/usr/share/webapps/mediawiki, and I try to bind mount that to /app.


Following are my uwsgi config file and the output of uwsgi when started.
The second mount in exec-post-jail always fails.


[uwsgi]
# todo user,net
unshare = mount,uts,ipc,pid

exec-post-jail = mount /usr/share/zoneinfo %d/usr/share/zoneinfo -o bind,ro
exec-post-jail = mount /usr/share/webapps/mediawiki %d/app -o bind,ro

uid=1000
gid=1000
chroot = %d

force-cwd = /
chdir = /
honour-stdin = true
drop-after-init = true

plugin = php
php-set = date.timezone=Europe/Skopje

php-docroot = %d/app
php-index  = index.php
php-allowed-ext=.php
php-allowed-ext=.inc

master=true
processes=4
cheaper = 1

http = :8989
http-modifier1 = 14

[uWSGI] getting INI configuration from /srv/mediawiki/uwsgi2.ini
open("./php_plugin.so"): No such file or directory [core/utils.c line 3345]
!!! UNABLE to load uWSGI plugin: ./php_plugin.so: cannot open shared object
file: No such file or directory !!!
*** Starting uWSGI 1.9.16-dev-c05e064 (64bit) on [Thu Sep  5 14:34:08 2013]
***
compiled with version: 4.8.1 20130725 (prerelease) on 05 September 2013
14:04:55
os: Linux-3.10.10-1-ARCH #1 SMP PREEMPT Fri Aug 30 11:30:06 CEST 2013
nodename: archless
machine: x86_64
clock source: unix
pcre jit disabled
detected number of CPU cores: 2
current working directory: /srv/mediawiki
detected binary path: /home/damjan/src/uwsgi-git/uwsgi
your processes number limit is 29076
your memory page size is 4096 bytes
detected max file descriptor number: 100000
lock engine: pthread robust mutexes
*** RRDtool library available at 0x152bcc0 ***
uWSGI http bound on :8989 fd 4
uwsgi socket 0 bound to TCP address 127.0.0.1:47568 (port auto-assigned) fd
3
PHP 5.5.3 initialized
uWSGI running as root, you can use --uid/--gid/--chroot options
[linux-namespace] applied unshare() mask: 738328576
running "mount /usr/share/zoneinfo /srv/mediawiki//usr/share/zoneinfo -o
bind,ro" (post-jail)...
running "mount /usr/share/webapps/mediawiki /srv/mediawiki//app -o bind,ro"
(post-jail)...
command "mount /usr/share/webapps/mediawiki /srv/mediawiki//app -o bind,ro"
exited with non-zero code: -1

-- 
damjan
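
An added example, not part of the original post or of uWSGI: a pre-flight check that reads the exec-post-jail mount hooks from the ini file, expands %d the way the log above shows, and reports any source or target directory that does not exist. The function name check_jail_mounts and the sample paths are hypothetical; it assumes every hook has the form "mount SRC DST -o OPTS" as in the post, and it only rules out missing directories, not other reasons a mount can fail.

```shell
#!/bin/sh
# Pre-flight check for bind mounts declared as exec-post-jail hooks.
# Assumption: each hook has the form used in the post: mount SRC DST -o OPTS
check_jail_mounts() {
    ini=$1
    # uWSGI expands %d to the directory holding the config file, with a
    # trailing slash (hence the "//" in the logged mount commands).
    inidir=$(cd "$(dirname "$ini")" && pwd)/
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            exec-post-jail*=*) ;;
            *) continue ;;
        esac
        set -f                      # no globbing while word-splitting
        set -- ${line#*=}           # $1=mount $2=SRC $3=DST
        set +f
        [ "$1" = mount ] || continue
        src=$(printf '%s\n' "$2" | sed "s|%d|$inidir|g")
        dst=$(printf '%s\n' "$3" | sed "s|%d|$inidir|g")
        [ -d "$src" ] || { echo "missing source: $src"; status=1; }
        [ -d "$dst" ] || { echo "missing target: $dst"; status=1; }
    done < "$ini"
    return "$status"
}

# Constructed sample: a throwaway jail whose app/ mount point is absent.
demo=$(mktemp -d)
mkdir -p "$demo/src/zoneinfo" "$demo/src/mediawiki" \
         "$demo/jail/usr/share/zoneinfo"
cat > "$demo/jail/uwsgi.ini" <<EOF
[uwsgi]
unshare = mount,uts,ipc,pid
exec-post-jail = mount $demo/src/zoneinfo %d/usr/share/zoneinfo -o bind,ro
exec-post-jail = mount $demo/src/mediawiki %d/app -o bind,ro
chroot = %d
EOF
check_jail_mounts "$demo/jail/uwsgi.ini" \
    || echo "fix the paths above before starting uWSGI"
```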