LinuxQuestions.org


Laertiades 01-30-2013 02:46 PM

how to access unix socket from within chroot jail
 
I have a server running nginx from within a chroot jail. Nginx is able to connect to FastCGI with the following lines:

from nginx.conf:
fastcgi_pass 127.0.0.1:9000;

from php-fpm.conf:
listen = 127.0.0.1:9000

I want to use a unix socket for the connection with the following lines:

from nginx.conf:
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;

from php-fpm.conf:
listen = /run/php-fpm/php-fpm.sock

Of course nginx can't find the socket from within the jail. My question is: what would be the best way to bring the socket into the jail or link to it somehow? I brought some devices into the jail with the following code:

# export JAIL=/srv/http
# mkdir $JAIL/dev
# mknod -m 0666 $JAIL/dev/null c 1 3
# mknod -m 0666 $JAIL/dev/random c 1 8
# mknod -m 0444 $JAIL/dev/urandom c 1 9

Would something similar work with the unix socket?

jpollard 01-31-2013 03:30 AM

You might look into putting the socket somewhere else, and using a bind mount to tie the "somewhere else" into the jail directory tree. I think it would work then.

linosaurusroot 01-31-2013 03:50 AM

I think I've copied sockets with cpio. dump/restore would definitely do it. Or just create a new one - "man perlipc" has details including code fragments that should help.

jpollard 01-31-2013 04:29 AM

Copying the file path is not the same as having two processes, one within a jail and one outside, communicating.

linosaurusroot 01-31-2013 05:57 AM

Quote:

Originally Posted by jpollard (Post 4881224)
Copying the file path is not the same as having two processes, one within a jail and one outside, communicating.

Copying the file path to inside the chroot is the usual precursor to having two processes communicating.

Laertiades 01-31-2013 07:59 AM

thanks for replies
 
Thank you linosaurusroot and jpollard. I got it to work by simply reconfiguring php-fpm to create the socket inside the jail. I had to override a path prefix in the php-fpm.conf file. I had to do the same with mysql. My only question now is whether this is the most secure solution. If you have any insights I would be interested. If not, thank you for your time and help so far.
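
Added example, not part of the thread and not any poster's code: a small Python check for the layout discussed above, where the socket lives inside the jail directory. It derives the path a chrooted nginx would use and flags loose permissions on the socket. The function names (jail_view, audit_socket, demo) are hypothetical, and the jail is a constructed temporary directory with a plain listener standing in for php-fpm.

```python
import os
import socket
import stat
import tempfile


def jail_view(jail, host_path):
    """Return host_path as a process chrooted into `jail` would name it."""
    jail, host_path = os.path.realpath(jail), os.path.realpath(host_path)
    if os.path.commonpath([jail, host_path]) != jail:
        raise ValueError(f"{host_path} is outside {jail}")
    return "/" + os.path.relpath(host_path, jail)


def audit_socket(host_path):
    """Return findings for a Unix socket path; an empty list means none."""
    st = os.lstat(host_path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["not a socket"]
    findings = []
    if st.st_mode & stat.S_IWOTH:  # Linux: connect() needs write permission
        findings.append("socket is world-writable: any local user can connect")
    if os.stat(os.path.dirname(host_path)).st_mode & stat.S_IWOTH:
        findings.append("parent directory is world-writable")
    return findings


def demo():
    """Constructed jail in a temp dir with a listener standing in for php-fpm."""
    with tempfile.TemporaryDirectory() as jail:
        sock_dir = os.path.join(jail, "run", "php-fpm")
        os.makedirs(sock_dir, mode=0o750)
        host_path = os.path.join(sock_dir, "php-fpm.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(host_path)  # what "listen = <jail>/run/..." would create
            srv.listen(1)
            os.chmod(host_path, 0o666)  # permissive mode, should be flagged
            loose = audit_socket(host_path)
            os.chmod(host_path, 0o660)  # owner and group only
            tight = audit_socket(host_path)
            inside = jail_view(jail, host_path)
        try:  # the original layout: socket under the host's /run
            reachable = bool(jail_view(jail, "/run/php-fpm/php-fpm.sock"))
        except ValueError:
            reachable = False
    return inside, loose, tight, reachable


if __name__ == "__main__":
    print(demo())
```

On a real host, audit_socket would be pointed at the socket's host-side path (under the jail root) and the jail_view result is what goes after unix: in the chrooted nginx's fastcgi_pass.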


All times are GMT -5.