1 |
We're in the process of setting up an anonymous CVS server for public use. |
2 |
As part of this, I'm running into a few issues related to the chroot and |
3 |
permissions on devices. I can successfully authenticate using: |
4 |
|
5 |
cvs -d :pserver:anonymous@newserver:/repositories login |
6 |
|
7 |
But when I try to check something out, I get: |
8 |
|
9 |
$ cvs -d :pserver:anonymous@newserver:/repositories checkout gentoo-x86 |
10 |
open /dev/null failed |
11 |
Permission denied |
12 |
|
13 |
But the permissions on the chrooted /dev/null device look fine: |
14 |
|
15 |
# ls -alh /chroot/dev/null |
16 |
crwxrwxrwx 1 root root 1, 3 Jan 1 1970 /chroot/dev/null |
17 |
|
18 |
strace gives me: |
19 |
|
20 |
12095 open("/dev/null", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied) |
21 |
12095 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x55ce1000 |
22 |
12095 write(1, "E open /dev/null failed\nerror P"..., 49) = 49 |
23 |
|
24 |
I used cvsd-buildroot to build the chroot....during this process, it |
25 |
complained about devices: |
26 |
|
27 |
creating /chroot/dev devices... FAILED (unable to use devices) |
28 |
|
29 |
The kernel on this box is 2.6.11-hardened-r15 and we're using grsecurity...I |
30 |
kind of suspect that is the problem, but I don't have enough experience |
31 |
with it to troubleshoot. Short of building a new kernel and removing grsec |
32 |
options one by one, can anyone suggest some other things to try? |
33 |
(including those that might not have anything to do w/ grsec) |
34 |
|
35 |
tia. |
36 |
|
37 |
--kurt |