Old 01-30-2013, 02:46 PM   #1
Laertiades
Member
 
Registered: Jul 2012
Location: Pacific Northwest
Distribution: Arch
Posts: 57

how to access unix socket from within chroot jail


I have a server running nginx from within a chroot jail. Nginx is able to connect to fastCGI with the following lines:

from nginx.conf:
fastcgi_pass 127.0.0.1:9000;

from php-fpm.conf:
listen = 127.0.0.1:9000

I want to use a unix socket for the connection with the following lines:

from nginx.conf:
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;

from php-fpm.conf:
listen = /run/php-fpm/php-fpm.sock

Of course nginx can't find the socket from within the jail. My question is: what would be the best way to bring the socket into the jail or link to it somehow? I brought some devices into the jail with the following code:

# export JAIL=/srv/http
# mkdir $JAIL/dev
# mknod -m 0666 $JAIL/dev/null c 1 3
# mknod -m 0666 $JAIL/dev/random c 1 8
# mknod -m 0444 $JAIL/dev/urandom c 1 9

Would something similar work with the unix socket?
 
Old 01-31-2013, 03:30 AM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,048

You might look into putting the socket somewhere else, and using a bind mount to tie the "somewhere else" into the jail directory tree. I think it would work then.
 
Old 01-31-2013, 03:50 AM   #3
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 753
Blog Entries: 2

I think I've copied sockets with cpio. dump/restore would definitely do it. Or just create a new one - "man perlipc" has details including code fragments that should help.
 
Old 01-31-2013, 04:29 AM   #4
jpollard
Copying the file path is not the same as having two processes, one within a jail and one outside, communicating.
 
Old 01-31-2013, 05:57 AM   #5
linosaurusroot
Quote:
Originally Posted by jpollard
Copying the file path is not the same as having two processes, one within a jail and one outside, communicating.
Copying the file path to inside the chroot is the usual precursor to having two processes communicating.
 
Old 01-31-2013, 07:59 AM   #6
Laertiades
Original Poster
thanks for replies

Thank you linosaurusroot and jpollard. I got it to work by simply reconfiguring php-fpm to create the socket inside the jail. I had to override a path prefix in the php-fpm.conf file. I had to do the same with mysql. My only question now is whether this is the most secure solution. If you have any insights I would be interested. If not, thank you for your time and help so far.
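
Added example, not code from any poster in this thread: a Python sketch of why the jailed client needs a path that resolves to the listener's own socket inode, and that the socket's permission bits are the same under either path. The directory names, the file name fpm.sock and the 0660 mode are assumptions; the hard link is an unprivileged stand-in for a bind mount, and the unbound node is a stand-in for a copied socket file.

```python
import os
import socket
import stat
import tempfile


def reaches_listener(server, path):
    """Return True if connecting to `path` lands on `server`'s accept queue."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        try:
            client.connect(path)
        except (ConnectionRefusedError, FileNotFoundError):
            return False
        client.sendall(b"ping")
        conn, _ = server.accept()
        with conn:
            return conn.recv(4) == b"ping"


def demo():
    # Constructed layout: "run" plays the host directory, "jail" the chroot tree.
    with tempfile.TemporaryDirectory() as base:
        run_dir, jail_dir = os.path.join(base, "run"), os.path.join(base, "jail")
        os.mkdir(run_dir)
        os.mkdir(jail_dir)
        real = os.path.join(run_dir, "fpm.sock")
        linked = os.path.join(jail_dir, "fpm.sock")

        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(real)
        os.chmod(real, 0o660)  # assumed policy: owner and group only
        server.listen(4)
        server.settimeout(2)

        # 1. The jail has no such path yet: the client cannot find the socket.
        results = {"path_absent_in_jail": reaches_listener(server, linked)}

        # 2. A separate socket node with no listener behind it (copied-node stand-in).
        orphan = os.path.join(jail_dir, "copied.sock")
        tmp = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        tmp.bind(orphan)
        tmp.close()
        results["separate_node"] = reaches_listener(server, orphan)

        # 3. The listener's own inode visible under the jail path.
        os.link(real, linked)
        results["same_inode"] = reaches_listener(server, linked)
        results["jail_side_mode"] = oct(stat.S_IMODE(os.stat(linked).st_mode))
        server.close()
        return results
```

A hard link goes stale as soon as the daemon removes and recreates its socket, which is why bind-mounting the directory or having the daemon create the socket inside the jail is the durable form of case 3.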
 
  


Tags
chroot jail, nginx, php, socket

