data segment limited in chroot?
finlay.mcwalter_at_gmail.com
Date: 10/07/05
Date: 6 Oct 2005 15:38:47 -0700
I'm trying to run the boinc client (seti@home etc.) as an unprivileged
account in a chroot jail. Doing so appears to give the boinc client
in the jail too little memory.

I realise that the best idea is to patch boinc to work like bind, i.e.
to do the requisite chroot(2) and setuid(2) calls itself after it
has started. I'd prefer, however, (at least in the interim) to
distribute a shellscript to do an equivalent job: so I was hoping to
achieve an acceptable outcome using standard, shellscript-accessible
tools.

The problem I'm experiencing is that the jailed process seems to have
too low a limit set for its max data segment size. When chrooted,
boinc complains that it only has 64000000 of "memory" (which I take to
be data segment size - I guess it tried to malloc more and failed). I
confess I don't know anything about manipulating the limits on a
process' memory (bar bash's ulimit -v, and I _really_ don't want bash
in the jail).

I experience the same problem when using the standard chroot(8) and
Wietse Venema's chrootuid.

Techie details:
- the jail is pretty minimalist - just copies of exactly the libraries
  boinc needs in /lib, and /etc only has resolv.conf and hosts. There's
  an empty /tmp directory, and the boinc binary and its datafiles.
- I'm running an up-to-date Ubuntu Hoary (kernel 2.6.10-5)

I'd appreciate any advice, or any necessary tellings-off for not
having read some important manpage.
Thanks,
FIn
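
Added example, not part of the original message: a minimal C launcher that performs the chroot(2) and setuid(2) calls in the order the post describes for bind, and first raises and prints the data-segment and address-space limits, which are inherited across exec, so the limit hypothesis can be checked without a shell in the jail. The function names and the JAILDIR/UID/GID/PROG arguments are assumptions of this example.

```c
/* jailrun.c: added example; names and argument layout are assumptions. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Raise the soft limit to the hard limit (needs no privilege) and return
 * the resulting soft limit through *out. Returns 0 on success, -1 on error. */
int raise_soft_to_hard(int resource, rlim_t *out)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return -1;
    rl.rlim_cur = rl.rlim_max;
    if (setrlimit(resource, &rl) != 0) return -1;
    *out = rl.rlim_cur;
    return 0;
}

/* Enter the jail, then drop privileges. Order matters: chroot needs root,
 * and supplementary groups and gid must be dropped before the uid. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) != 0 || chdir("/") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* Verify the drop: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    rlim_t data, as;
    if (argc < 5) {
        fprintf(stderr, "usage: %s JAILDIR UID GID PROG [ARGS...]\n", argv[0]);
        return 2;
    }
    if (raise_soft_to_hard(RLIMIT_DATA, &data) || raise_soft_to_hard(RLIMIT_AS, &as)) {
        perror("rlimit");
        return 1;
    }
    /* RLIM_INFINITY prints as a very large number. */
    fprintf(stderr, "RLIMIT_DATA=%llu RLIMIT_AS=%llu\n",
            (unsigned long long)data, (unsigned long long)as);
    if (enter_jail(argv[1], (uid_t)atol(argv[2]), (gid_t)atol(argv[3])) != 0) {
        perror("enter_jail");
        return 1;
    }
    execv(argv[4], &argv[4]);   /* PROG is resolved inside the jail */
    perror("execv");
    return 1;
}
```

If the printed limits are already far above 64000000, the figure boinc reports does not come from these two limits.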