| 1 |
We're in the process of setting up an anonymous CVS server for public use. |
| 2 |
As part of this, I'm running into a few issues related to the chroot and |
| 3 |
permissions on devices. I can successfully authenticate using: |
| 4 |
|
| 5 |
cvs -d :pserver:anonymous@newserver:/repositories login |
| 6 |
|
| 7 |
But when I try to check something out, I get: |
| 8 |
|
| 9 |
$ cvs -d :pserver:anonymous@newserver:/repositories checkout gentoo-x86 |
| 10 |
open /dev/null failed |
| 11 |
Permission denied |
| 12 |
|
| 13 |
But the permissions on the chrooted /dev/null device look fine: |
| 14 |
|
| 15 |
# ls -alh /chroot/dev/null |
| 16 |
crwxrwxrwx 1 root root 1, 3 Jan 1 1970 /chroot/dev/null |
| 17 |
|
| 18 |
strace gives me: |
| 19 |
|
| 20 |
12095 open("/dev/null", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied) |
| 21 |
12095 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55ce1000 |
| 22 |
12095 write(1, "E open /dev/null failed\nerror P"..., 49) = 49 |
| 23 |
|
| 24 |
I used cvsd-buildroot to build the chroot....during this process, it |
| 25 |
complained about devices: |
| 26 |
|
| 27 |
creating /chroot/dev devices... FAILED (unable to use devices) |
| 28 |
|
| 29 |
The kernel on this box is 2.6.11-hardened-r15 and we're using grsecurity...I |
| 30 |
kind of suspect that is the problem, but I don't have enough experience |
| 31 |
with it to troubleshoot. Short of building a new kernel and removing grsec |
| 32 |
options one by one, can anyone suggest some other things to try? |
| 33 |
(including those that might not have anything to do w/ grsec) |
| 34 |
|
| 35 |
tia. |
| 36 |
|
| 37 |
--kurt |
Archives