Solved

chroot problems

Posted on 2006-11-10
27
383 Views
Last Modified: 2008-01-09
I'd like a strong lead on this one please. I'll supply background as it's needed, but a quick overview is that i'm working in a chroot environment since the JVM on Debian stable won't run my Java, so i'm chrooting to unstable, which will. Or rather it would do, if i were not getting the following. I suspect that i may have left out an essential step, but careful review hasn't helped. The following happens with whatever paths i put in apparently:




goose@moodle:~$ dchroot -c sid "java -jar 1and1.jar"
(sid) java -jar 1and1.jar
-su: java -jar 1and1.jar: No such file or directory
dchroot: Child exited non-zero.
dchroot: Operation failed.
0
Comment
Question by:CEHJ
  • 13
  • 13
27 Comments
 

Assisted Solution

by:scrattox
scrattox earned 100 total points
Comment Utility
Is the 1and1.jar file present anywhere in your chroot environment?

Don't forget that when you run in a chroot environment you can only see files inside that environment.

Try copying the 1and1.jar file to the top level of your chroot environment and try running it like this:

dchroot -c sid "java -jar /1and1.jar"

with a forward slash in front of the filename.
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
>>Is the 1and1.jar file present anywhere in your chroot environment?

Most certainly, and now twice after your suggestion:

>>Try copying the 1and1.jar file to the top level of your chroot environment and try running it like this:

(which i'm afraid made no difference)

This message is curious:

>>-su: java -jar 1and1.jar: No such file or directory

Why 'su'?
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 400 total points
Comment Utility
Instead of copying files, you can use hard links. Your chroot jail must include runtime support (i.e. enough of /lib to run ELF programs like java). This is where hard links really come in useful, at least if if your "sid" directory is in the same filesystem as unstable /lib.
The "No such file or directory" error is probably because the shell trying to invoke java can't see ld.so. Why is that shell -su? I don't know, but then what is dchroot? Maybe it uses su to run its commands.
If you look at java as a text file (type "less java") you'll see imbedded in it a hardcoded path to the ELF loader, e.g. /lib64/ld-linux-x86-64.so.2 in my case (32-bit arch would show /lib/ld-linux.so.2 or similar). This exact path has to be accessible in the chrooted environment. Any other dynamic libraries that java wants to use have to be accessible as well - but you'll get more explicit error messages if those are missing.
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Interesting Duncan. This is what i did next:

goose@moodle:~$ strings /b/chroots/sid-root/usr/lib/kaffe/pthreads/jre/bin/kaffe-bin | grep ld
/lib/ld-linux.so.2
/tmp/buildd/kaffe-1.1.7/build-tree/kaffe-1.1.7/kaffe/kaffe/main.c
goose@moodle:~$ ls -l $SID/lib/ld-linux.so.2
lrwxrwxrwx  1 root root 11 2006-10-06 18:24 /lib/ld-linux.so.2 -> ld-2.3.2.so
goose@moodle:~$
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Looks like $SID was not set or null when you did that ls -l. Fix & try again.
Don't worry about the source file that strings found - probably compiled with debug on.
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Or ls -l /b/chroots/sid-root/lib/ld-linux.so.2
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
No i think it was OK as:

goose@moodle:~$ ls -l /b/chroots/sid-root/lib/ld-linux.so.2
lrwxrwxrwx  1 root root 11 2006-11-09 00:00 /b/chroots/sid-root/lib/ld-linux.so.2 -> ld-2.3.6.so
goose@moodle:~$
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Notice that is different from what you posted last time (2.3.2 becomes 2.3.6).
Repeat with ls -lL to verify that the symlink target actually exists
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
This is what i'm doing now - i wonder if i'm heading in the right direction?

goose@moodle:~$ su -c "chroot /b/chroots/sid-root"
Password:
moodle:/# ldd /usr/lib/kaffe/pthreads/jre/bin/kaffe-bin
        linux-gate.so.1 =>  (0xffffe000)
        libkaffejvmpi-1.1.7.so => /usr/lib/kaffe/pthreads/lib/libkaffejvmpi-1.1.7.so (0x40018000)
        libkaffevm-1.1.7.so => /usr/lib/kaffe/pthreads/jre/lib/i386/libkaffevm-1.1.7.so (0x40021000)
        libdl.so.2 => /lib/tls/libdl.so.2 (0x400d6000)
        libm.so.6 => /lib/tls/libm.so.6 (0x400da000)
        libpthread.so.0 => /lib/tls/libpthread.so.0 (0x400ff000)
        libc.so.6 => /lib/tls/libc.so.6 (0x40111000)
        /lib/ld-linux.so.2 (0x40000000)
moodle:/#
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
I'll try what you just posted
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
You are showing kaffe when your original post showed java
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Silly of me to miss that difference. Here's what your suggestion revealed:

moodle:/# ls -l /lib/ld-linux.so.2
lrwxrwxrwx 1 root root 11 Nov  9 00:00 /lib/ld-linux.so.2 -> ld-2.3.6.so
moodle:/# ls -lL /lib/ld-linux.so.2
-rwxr-xr-x 1 root root 88164 Nov  5 00:19 /lib/ld-linux.so.2
moodle:/#
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
>>You are showing kaffe when your original post showed java

Yes - i'm just moving it nearer to 'the truth' to cut out link/script indirection
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Ok it doesn't look like ld.so missing. Could it be that java is a /bin/sh script but there is no /b/chroots/sid-root/bin/sh?
Your post of 11/12/2006 12:50AM PST was all chroot'd - right?
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Can you try invoking kaffe directly?
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Yes but doesn't my last output mean that the target of the link is missing?

0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
>>Yes but doesn't my last output mean that the target of the link is missing?

Maybe it doesn't (i haven't used the 'L' option before ;-))

>>Can you try invoking kaffe directly?

Tried that, but i'll try it again

0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
The target of the link is present, otherwise ls would have reported an error. Also see how the size has changed, from 11 bytes to 88164.
Also the chroot'd ldd showed no problems. Why did you do "su -c" of chroot?
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Yes i see all that.

>>Why did you do "su -c" of chroot?

'goose' not allowed to chroot. If and when i get this working, i'll add that to sudoers
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
If a direct invocation of kaffe fails, try "strace -- kaffe <kaffe args>"
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Getting very close now Duncan, are you going to be around later to help with the finishing touches and to collect your laurels?
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Have to go for a bit  - back in an hour or 2
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Ok I'm back - any progress?
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Very good timing! Just got it licked - do you know what was a serious problem? Placing quotes around my chroot commands! e.g.:

goose@moodle:~$ sudo chroot /b/chroots/sid-root "/bin/bash /home/goose/scripts/java-dns.sh"
chroot: cannot run command `/bin/bash /home/goose/scripts/java-dns.sh': No such file or directory
goose@moodle:~$ sudo chroot /b/chroots/sid-root /bin/bash /home/goose/scripts/java-dns.sh
goose@moodle:~$
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
Well there you go
0
 
LVL 34

Expert Comment

by:Duncan Roe
Comment Utility
And "su -c" *does* need quotes, e.g.
  su -c "chroot /sda2 bash"
works fine, but miss out the quotes and you get:
   chroot: too few arguments

What about the Q? You fixed it yourself so could ask for a refund, or give me a C for trying to help, or B or A for making you think. Whatever you decide is fine with me.

Cheers ... Duncan.
0
 
LVL 86

Author Comment

by:CEHJ
Comment Utility
Points coming up. I hope that you're around in the future - you clearly know your stuff with this OS ;-)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Currently, there is not an RPM package available under the RHEL/Fedora/CentOS distributions that gives you a quick and easy way to allow PHP to interface with Oracle. As a result, I have included a set of instructions on how to do this with minimal …
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now