apache 2.2.8, is it on chroot by default?


superslot
06-29-2008, 06:04 AM
Hi,

I've just started with openbsd ....
I've seen that the default httpd is chrooted, but I need Apache 2.2.

So I installed the pkg ... I see it running as the _apache2 user ... but I didn't understand if it actually is under chroot or not.

Do we have to chroot it manually?

I guess it is the same for the mysql pkg, right?

thanks

Oko
06-29-2008, 06:15 AM
Of course you have to do it manually. Most OpenBSD users who use Apache use the 1.3 which is in base (it is chrooted) and is for all practical purposes a secure fork of the Apache 1.3 server. Apache 2.2 has license problems and my understanding is that OpenBSD people do not like it very much, but if you have to use some of the new fancy features which Apache 1.3 doesn't have, then you have to do what you have to do.

superslot
06-29-2008, 07:02 AM
mmm I see.

well ... I need load balancing on mongrel (rails) .... I don't see a way to get it with apache 1.3, right?

May I ask if also mysql must be chrooted?
looks like mysql_safe does already some fix (and I did a safe_install removing test etc. etc.)

jggimi
06-29-2008, 02:50 PM
The package message for apache-httpd-2.2.8 says:

"This package provides an unaudited version of apache. For security reasons, users are STRONGLY encouraged to use the system httpd(8) instead, if at all possible."

If you must use this unaudited port, you will be responsible for setting up a chrooted environment, if you wish to do so.

Your SQL client libraries, and any other executable code required with your webserver, must be available in your chrooted environment. See FAQ 10.16 for guidance.

Your SQL server, if connected via TCP, need not be chrooted, nor even on the same server.

superslot
06-29-2008, 11:26 PM
I'm sorry ... I need a little help on this one....

I've done my chroot dir in /var/chroot/http.

Copied all the libs, config files, dev/log, dev/null etc. etc., but my http2 won't start ... the error_log says

[crit] (6)Device not configured: apr_proc_detach failed

I'm trying to understand what's going on doing a ktrace/kdump, grepping on open ... but in my dump I don't get any symbols ... just hex addrs like

... open(oxcfbc2,0,0)

Any idea on how to get a dump with symbols?
Do I need to re-compile http2?

Thanks

superslot
06-30-2008, 03:08 AM
nevermind ... it's something else....
I was grepping for "open" instead of NAM|open ...

anyhow ... it's a weird failure, the last line of the kdump is a sigprocmask and then an exit(0).

should be some device ... but I made the /dev/null, /dev/random, /dev/urandom into the chroot directory...

:-((

superslot
06-30-2008, 04:03 AM
Ok,

just in case someone can help me ..
the error is apparently due to /dev/crypto.

I made the mknod under /jail/dev/ .... and it's there.

but from kdump it says:

"open -1 errno 6 Device not configured"

.....

totally lost.
Any idea?

Thanks

BSDfan666
06-30-2008, 05:47 AM
/dev/crypto and /dev/random are related to "hardware" cryptography devices, I have to believe you've configured something incorrectly.

superslot
06-30-2008, 07:44 AM
well ... yes I guess.

but httpd2 does try to get /dev/crypto from the ktrace .. and also in the apache2 conf there is something about that for SSL (see the last part of http.conf).

I've tried also commenting out the SSL loadmodule ... but still same error 6 device not configured.

oh boy .. looks like I'm not able to get this chroot working for apache2 ...
I'll try to see if using mod_chroot I'm more lucky ...

jggimi
06-30-2008, 12:56 PM
Rather than attempting to build /dev or /usr piecemeal, you could replicate them in their entirety. In this way, you will learn if Apache2 can run chrooted or not.

I have never used the application, but I have noted that grepping for "chroot" in the package documentation and man pages comes up empty.
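
Added example, not part of the thread and not code from the Apache or OpenBSD projects: the package message quoted above leaves the admin responsible for putting every library and device node the server needs inside the chroot, so this script lists what a jail tree is still missing. The sample ldd text, the library versions and the httpd2 path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report what a chroot tree lacks
# before a daemon is started inside it.
# Usage: sh chroot_audit.sh JAIL BINARY [DEVICE ...]
#   e.g. sh chroot_audit.sh /var/chroot/http /path/to/httpd2 /dev/null /dev/crypto

# Constructed sample in the style of OpenBSD ldd(1) output (paths and
# versions are assumptions); the functions below never read it themselves.
SAMPLE_LDD='/usr/local/sbin/httpd2:
	Start    End      Type Open Ref GrpRef Name
	00000000 00000000 exe  1    0   0      /usr/local/sbin/httpd2
	00000000 00000000 rlib 0    1   0      /usr/lib/libc.so.45.0
	00000000 00000000 rlib 0    1   0      /usr/lib/libssl.so.11.0
	00000000 00000000 rtld 0    1   0      /usr/libexec/ld.so'

# Read ldd-style text on stdin; print each absolute path once, sorted.
# Splitting on whitespace handles both the OpenBSD and the GNU ldd layout.
ldd_paths() {
    tr ' \t' '\n\n' | sed 's/:$//' | grep '^/' | LC_ALL=C sort -u
}

# missing_in_jail JAIL: read absolute paths on stdin and print those
# that do not exist at the same location under JAIL.
missing_in_jail() {
    jail=$1
    while IFS= read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# bad_devices JAIL DEV...: print each DEV that is absent under JAIL or is
# not a character device there (e.g. a regular file copied with cp).
bad_devices() {
    jail=$1; shift
    for d in "$@"; do
        [ -c "$jail$d" ] || printf '%s\n' "$d"
    done
}

if [ "$#" -ge 2 ]; then
    jail=$1; bin=$2; shift 2
    echo "files missing under $jail:"
    ldd "$bin" | ldd_paths | missing_in_jail "$jail"
    echo "device nodes missing or not character devices under $jail:"
    bad_devices "$jail" "$@"
fi
```

The device check confirms only that a node exists and is a character device; it does not verify major/minor numbers or the mount options of the filesystem that holds the jail.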