Tomcat unable to access DNS in chroot

flatpaw · 04-28-2006, 07:32 AM

Hi

I'm developing a web application that needs to download files (docs, pdfs, anything really) from their URLs. The code uses java.net.URL.openStream() to connect to the URLs and perform the download. I've had the application running fine on Tomcat, but have recently moved Tomcat into a chroot jail and now the download functionality has stopped working. I'm getting a java.net.UnknownHostException which indicates that the code cannot resolve the hostname in the URL. As the code definitely works outside of the chroot I believe that Tomcat can no longer access DNS when in the chroot. So my question is how can I give Tomcat access to DNS while in the chroot?

Any help would be greatly appreciated.

P.S. I'm new to Linux (and Unix-type systems in general) so please forgive me if this is a daft question.

Thanks

ataraxia · 04-29-2006, 05:00 PM

You need to have an /etc/resolv.conf inside your chroot. You can just copy your real one over.

flatpaw · 05-02-2006, 03:32 AM

Thanks for your reply ataraxia. I tried what you suggested but it didn't work I'm afraid. I even tried mounting the entire /etc directory in the chroot but no success. Presumably whatever uses /etc/resolv.conf would have to be in the chroot too? I have /etc/hosts copied in my chroot and also had to mount /proc in there to fix some other problems I was having. Can you suggest anything else I might be missing?

Thanks again.

ataraxia · 05-02-2006, 05:38 PM

Normally the consumer of resolv.conf is libc. I don't know how Java uses it.

mrcheeks · 05-02-2006, 06:06 PM

If you are able to resolve a host using the ping command the java program should work.

flatpaw · 05-03-2006, 05:24 AM

Thanks for the suggestions. I tried copying ping (and the libraries it needs) into my chroot jail and then running it while chrooted. It works for an IP address but not for a hostname, therefore it must be whatever does the resolution that isn't visible. Is it possible to set up the resolver in a chroot?

flatpaw · 05-03-2006, 09:42 AM

Ok I've managed to solve this. The following are needed in the chroot:

/etc/resolv.config
/etc/nsswitch.config
/lib/libresolv.so.2
/lib/libnss*

Apparently the Name Service Switch (/etc/nsswitch.config) is called first when hostnames are being resolved. From my googling earlier I had actually tried copying this into the chroot but didn't have the required libraries in there too - when pinging you get an error saying that libresolv.so.2 is missing if its not there but nothing if the libnss* libraries are missing so I hadn't realised they were needed.

Thanks for your help.