[scponly] chroot under SuSE fails
David Kensiski
David at Kensiski.org
Tue Mar 30 13:14:56 EDT 2010
Turned out to be option (3) for a missing ld-linux-x86-64.so.2, which
then exposed a missing libnss_compat.so.2. Once those were installed,
all worked as advertised!
Thanks for the help, Kaleb!
--Dave
On Tue, Mar 30, 2010 at 9:04 AM, Kaleb Pederson
<kaleb.pederson at gmail.com> wrote:
> David,
>
> On Sat, Mar 27, 2010 at 7:01 AM, David Kensiski <David at kensiski.org> wrote:
>> So I ran strace on the SSH pid and noticed a couple of innocuous
>> ENOENTs for files that don't exist in my non-chroot filesystem, and
>> the only other one I see is when we actually try to exec scp:
>>
>> [pid 6468] execve("/usr/bin/scp", ["/usr/bin/scp", "-f",
>> "incoming/motd"], [/* 0 vars */]) = -1 ENOENT (No such file or
>> directory)
>>
>> I am attaching the entire truss output in case that helps. Any
>> thoughts about what's going wrong?
>
> Thanks for the great details.
>
> I've seen this error in three different cases. In no particular order:
>
> 1) When the filesystem on which the chroot lives is mounted noexec
> 2) When SELinux (or something similar) denies access to the exe
> 3) When one of the required libraries is missing
>
> Some notes on (3). Most Linux systems allow you to run something like
> the following:
>
> ldconfig -r /path/to/chroot -v
>
> You should be able to compare output from the above command with that
> of ldd /usr/bin/scp to verify that all the necessary libraries are
> installed.
>
> --
> Kaleb Pederson
>
> Blog - http://kalebpederson.com
> Twitter - http://twitter.com/kalebpederson
>
More information about the scponly
mailing list