From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Wed 11 Sep 2002 - 01:38:41 BST
On Mon, 9 Sep 2002 15:02:45 -0500, BrandonHoult wrote
> Had this problem a while back was caused by different versions of the
> library, could bypass by ssh to vserver or upgrade to same libraries
> inside and out. Here is a copy of the relavent e-mail
Yes this is right and I just fixed the problem. Well, 0.20 (which is out) kind of fix
the problem.
> ------------------
>
> Hi!
>
> BrandonHoult wrote:
> > Do the libraries have to be identical inside and out? If so that seems
>
> Good point! I don't use redhat, so I don't have this problems.
The problem is not related to redhat. All linux distro have this problem.
The problem is that capchroot is linked dynamically and further, loads some
pluggin at runtime (the Name Service Switch runtime pluggin) when it accesses
the user account (vserver xxx suexec some_user command ...)
So you have this dynamically linked executable which is using dynamic pluggins
(oxymoron ?) to access the /etc/passwd file. So it starts in the root server, perform
a chroot and then loads its pluggin. Unfortunatly, the NSS pluggins found on the
vserver may be incompatible with the NSS library in the root server.
The trick to overcome the situation was to force the loading of the pluggin
by issuing a simple
getpwnam ("root")
before doing the chroot. The loads the pluggins in memory and they are available
after the chroot. Kind of a kludge.
The real solution would be to use the su command on the other side of the
chroot to switch user.
> ***********************************************************
> To promote distribution independence I think this should be fixed
> upstream. (Are you reading, Jacques? :))
> ***********************************************************
It can't because upstream does not know about users downstream.
> -----------------------------
> capchroot: capchroot.cc syscall.o
> gcc $(GCCOPTS) -DVERSION=\"$(PACKAGE_REV)\" capchroot.cc
> syscall.o -o capchroot \
> -lstdc++
> -----------------------------
>
> with:
>
> ------------------------------
> capchroot: capchroot.cc syscall.o
> gcc $(GCCOPTS) -static -DVERSION=\"$(PACKAGE_REV)\"
> capchroot.cc syscall.o -o capchroot \
> -lstdc++
> -------------------------------
>
> (Note the added "-static" switch to gcc.)
Won't work because the NSS library is using pluggins
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc