[scponly] chroot under SuSE fails

Kaleb Pederson kaleb.pederson at gmail.com
Tue Mar 30 12:04:47 EDT 2010


David,

On Sat, Mar 27, 2010 at 7:01 AM, David Kensiski <David at kensiski.org> wrote:
> So I ran strace on the SSH pid and noticed a couple of innocuous
> ENOENTs for files that don't exist in my non-chroot filesystem, and
> the only other one I see is when we actually try to exec scp:
>
> [pid  6468] execve("/usr/bin/scp", ["/usr/bin/scp", "-f",
> "incoming/motd"], [/* 0 vars */]) = -1 ENOENT (No such file or
> directory)
>
> I am attaching the entire truss output in case that helps.  Any
> thoughts about what's going wrong?

Thanks for the great details.

I've seen this error in three different cases.  In no particular order:

1) When the filesystem on which the chroot lives is mounted noexec
2) When SELinux (or something similar) denies access to the exe
3) When one of the required libraries is missing

Some notes on (3).  Most Linux systems allow you to run something like
the following:

ldconfig -r /path/to/chroot -v

You should be able to compare output from the above command with that
of ldd /usr/bin/scp to verify that all the necessary libraries are
installed.

--
Kaleb Pederson

Blog - http://kalebpederson.com
Twitter - http://twitter.com/kalebpederson
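
Added example, not part of the original message: shell helpers for cases (1) and (3) above. They list the files named by `ldd /usr/bin/scp` that are absent under the chroot and test whether the chroot sits on a noexec mount. The function names are hypothetical and ldd is assumed to be run on the host; the ELF interpreter (ld-linux) line is checked too, since a missing interpreter also makes execve return ENOENT.

```shell
#!/bin/sh
# Added example (not from the original message); function names are made up.

# paths_from_ldd: read `ldd` output on stdin, print absolute paths it names.
# Matches "name => /path (addr)" and the bare "/path (addr)" line that is
# the ELF interpreter (ld-linux); vdso and "not found" entries are skipped.
paths_from_ldd() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    '
}

# missing_in_chroot CHROOT: of the paths ldd reports on stdin, print those
# with no file at the same location under CHROOT.
missing_in_chroot() {
    chroot_dir=$1
    paths_from_ldd | while IFS= read -r lib; do
        [ -e "$chroot_dir$lib" ] || printf '%s\n' "$lib"
    done
}

# mount_is_noexec PATH [MOUNTS]: succeed if the filesystem holding PATH is
# mounted noexec. Picks the longest mount point that is a prefix of PATH;
# MOUNTS defaults to /proc/mounts (fields: device mountpoint type options).
mount_is_noexec() {
    awk -v p="$1" '
        { m = $2
          if (m == "/" || p == m || index(p, m "/") == 1)
              if (length(m) >= best) { best = length(m); opts = $4 } }
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }
    ' "${2:-/proc/mounts}"
}

# Usage on the host:
#   ldd /usr/bin/scp | missing_in_chroot /path/to/chroot
#   mount_is_noexec /path/to/chroot && echo "chroot is on a noexec mount"
```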


