SUMMARY: Chroot'ed Sendmail but no more Syslog
2007-12-24 21:52:00
daemon, but I needed to have the proper devices in the jail. Here are the
devices and files I added to make it work properly:
/dev/conslog
/dev/udp
/dev/tcp
/etc/default/init
/usr/platform/SUNW,UltraSPARC-IIi-cEngine/lib/libc_psr.so.1
/usr/share/lib/zoneinfo/US/Pacific
The /etc/default/init and time zone files are needed in order for the
timestamps to be correct in the log. From what I can tell, /dev/conslog was
the one critical to making it work. Note also that these files are no
longer necessary under the 'chroot' environment (messages get logged to the
normal /var/log/syslog):
/var/log/syslog
/var/adm/messages
/dev/console
/dev/log
/dev/sysmsg
Cheers!
--Fabrice
------------------ My Original Message ------------------
>Sun Gods:
>
>I successfully created a chroot(1M) environment to run a secure instance of
>Sendmail 8.12.1. Unfortunately, the negative side effect of this was that I
>stopped getting log messages via syslogd(1M) from Sendmail (silly me, I
>thought Sendmail would just send its log messages to the UDP port 514).
>
>So, I tried to migrate the syslogd daemon to a chroot environment as well,
>copying the necessary files as indicated below. Alas, syslogd does start
>and (apparently) reads its configuration file correctly (as evidenced by
>starting the daemon with the "-d" flag), but no message ever gets logged
>from Sendmail. I know that syslogd *can* log messages, because when I kill
>the daemon, I do get a message (the only one I ever get):
>
> Feb 11 19:39:41 sparky syslogd: going down on signal 2
>
>Here are the files I copied:
>
> # cd /var/chroot/sendmail/
> # cp -p /usr/sbin/syslogd usr/sbin/
> # cp -p /etc/services etc/
> # cp -p /etc/syslog.conf etc/
> # cp -p /usr/ccs/bin/m4 usr/ccs/bin/
> # cp -p /usr/lib/libc.so.1 usr/lib/
> # cp -p /usr/lib/libdl.so.1 usr/lib/
> # cp -p /usr/lib/libdoor.so.1 usr/lib/
> # cp -p /usr/lib/libmp.so.2 usr/lib/
> # cp -p /usr/lib/libnsl.so.1 usr/lib/
> # cp -p /usr/lib/libpthread.so.1 usr/lib/
> # cp -p /usr/lib/libthread.so.1 usr/lib/
> # mkdir var/log
> # touch var/log/syslog
> # mkdir var/adm
> # touch var/adm/messages
> # mknod dev/console c 0 0
> # mknod dev/udp c 11 41
> # mknod dev/null c 13 2
> # mknod dev/zero c 13 12
> # mknod dev/log c 21 5
> # mknod dev/sysmsg c 97 0
> # chown root:tty dev/console
> # chown root:sys dev/udp dev/null dev/zero dev/log dev/sysmsg
> # chmod 620 dev/console
> # chmod 666 dev/udp dev/null dev/zero
> # chmod 640 dev/log
> # chmod 600 dev/sysmsg
>
>Has anyone successfully accomplished this feat before? Even if you haven't,
>I'll accept any suggestions.
+===========================================================+
| Fabrice Guirini Blue Martini Software, Inc. |
| Senior Operations Engineer 2600 Campus Drive |
| Tel: (650) 356-7576 San Mateo, CA 94403-2522 |
| Fax: (650) 356-4001 www.bluemartini.com |
+===========================================================+
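As an added example (not Fabrice's script, and not part of the original post), the POSIX shell audit below checks a Sendmail chroot jail for the devices and files the summary says syslogd needs inside the jail, and flags any of the entries the summary says are no longer required. It also derives device major/minor numbers from the running system via ls -lLn instead of hardcoding platform-specific values like the Solaris "c 11 41" in the quoted mknod lines, and prints (rather than runs) the mknod command so it can be reviewed and executed as root. The jail path defaults to the post's /var/chroot/sendmail; the list of paths is taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's own script: audit a Sendmail chroot jail for
# the items the summary above lists. Usage: sh audit_jail.sh [JAIL]

# Paths named in the summary as required inside the jail.
REQUIRED_DEVS="/dev/conslog /dev/udp /dev/tcp"
REQUIRED_FILES="/etc/default/init /usr/share/lib/zoneinfo/US/Pacific"
# Paths the summary says are no longer needed inside the jail.
UNNEEDED="/var/log/syslog /var/adm/messages /dev/console /dev/log /dev/sysmsg"

# devnums DEV: print "major minor" for a device node by parsing `ls -lLn`
# (field 5 is "major," and field 6 is minor on both Solaris and GNU ls).
devnums() {
    ls -lLn "$1" | awk '{ sub(",", "", $5); print $5, $6 }'
}

# gen_mknod DEV JAIL: print the mknod command that recreates the host's
# character device DEV under JAIL, using the host's own major/minor numbers.
gen_mknod() {
    set -- "$1" "$2" $(devnums "$1")
    echo "mknod $2$1 c $3 $4"
}

# missing_items JAIL: print each required path that is absent (or of the
# wrong type) under JAIL, one per line.
missing_items() {
    jail=$1
    for d in $REQUIRED_DEVS; do
        [ -c "$jail$d" ] || echo "$jail$d"
    done
    for f in $REQUIRED_FILES; do
        [ -f "$jail$f" ] || echo "$jail$f"
    done
}

# count_missing JAIL: number of required items missing under JAIL.
count_missing() {
    missing_items "$1" | wc -l | tr -d ' '
}

# unneeded_items JAIL: print paths that still exist under JAIL although the
# summary says they are no longer necessary (candidates for removal, so the
# jail carries only what it needs).
unneeded_items() {
    jail=$1
    for p in $UNNEEDED; do
        [ -e "$jail$p" ] && echo "$jail$p"
    done
    return 0
}

# audit_jail JAIL: human-readable report; exit status 1 if anything is missing.
audit_jail() {
    jail=${1:-/var/chroot/sendmail}
    echo "== required items missing under $jail =="
    missing_items "$jail"
    echo "== present but no longer needed under $jail =="
    unneeded_items "$jail"
    echo "== mknod commands to create missing devices (review, then run as root) =="
    for d in $REQUIRED_DEVS; do
        [ -c "$jail$d" ] || gen_mknod "$d" "$jail"
    done
    [ "$(count_missing "$jail")" -eq 0 ]
}

# Run the report when a jail path is given on the command line.
case $# in
    0) ;;
    *) audit_jail "$1" ;;
esac
```

Because `[ -c ]` and `[ -e ]` follow symlinks, the audit also accepts a jail where the device entries are links to the host's nodes, which is handy for testing the script without root.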