2014-05-14 20:57 GMT+04:00 Denis Fondras <open...@ledeuns.net>:
> Hello all,
>
> I am burning my last neurons with a behavior I can't explain. I wonder
> why getaddrinfo() fails when called after chroot() with root user.
>
>
> I have this piece of code:
>
> /*--- test.c ---*/
> #include <sys/types.h>
> #include <stdio.h>
> #include <sys/socket.h>
> #include <netdb.h>
> #include <pwd.h>
> #include <unistd.h>
>
> int main(int argc, char *argv[])
> {
>         struct addrinfo *ai_out;
>         struct passwd   *pw;
>         int error;
>
>         pw = getpwnam("_bgpd");
>
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
>
>         chroot(pw->pw_dir);
>         chdir("/");
>
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
>
>         return 0;
> }
> /*--- test.c ---*/
>
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
>
>
>
> Everything is good. Now if I compile:
>
> /*--- test.c ---*/
> #include <sys/types.h>
> #include <stdio.h>
> #include <sys/socket.h>
> #include <netdb.h>
> #include <pwd.h>
> #include <unistd.h>
>
> int main(int argc, char *argv[])
> {
>         struct addrinfo *ai_out;
>         struct passwd   *pw;
>         int error;
>
>         pw = getpwnam("_bgpd");
>
>         error = 0;
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
>
>         chroot(pw->pw_dir);
>
>         error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out);
>         if (error)
>                 printf("getaddrinfo() failed\n");
>         else printf("getaddrinfo() succeed\n");
>
>         return 0;
> }
> /*--- test.c ---*/
>
> $ ./a.out
> getaddrinfo() succeed
> getaddrinfo() succeed
>
> # ./a.out
> getaddrinfo() succeed
> getaddrinfo() failed
>
>
>
> If this is an expected behavior, what would be the preferred way to resolve
> a name from a chrooted process? I am extending OpenBGPd and I need to
> resolve domain names and connect to a service (no BGP protocol). I am
> currently using the "session" process to handle the connection part but
> I am stuck on name resolution for now.

/etc/resolv.conf is read on the first attempt to resolve something,
no? And, of course, you have no /your/chroot/path/etc/resolv.conf.

--
  WBR,
  Vadim Zhukov
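
Added example, not part of either message and not OpenBGPD code: a C sketch of the point made in the reply. It checks whether the chroot directory contains etc/resolv.conf, resolves the name before confinement, and checks the return values of chroot() and chdir(), which the posted test ignores. The function names and command-line arguments are assumptions made for this example.

```c
#define _DEFAULT_SOURCE /* glibc: exposes chroot(); harmless elsewhere */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <limits.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* 1 if <root>/etc/resolv.conf is a regular file, 0 if not, -1 if path too long. */
int chroot_has_resolv_conf(const char *root)
{
	char path[PATH_MAX];
	struct stat st;
	int n = snprintf(path, sizeof(path), "%s/etc/resolv.conf", root);
	if (n < 0 || (size_t)n >= sizeof(path))
		return -1;
	return stat(path, &st) == 0 && S_ISREG(st.st_mode);
}

/* chroot() then chdir("/"), both checked: 0 on success, -1 with errno set. */
int enter_chroot(const char *root)
{
	return (chroot(root) == -1 || chdir("/") == -1) ? -1 : 0;
}

/* Usage (arguments are this example's assumption): ./a.out <chroot-dir> <hostname> */
int main(int argc, char *argv[])
{
	struct addrinfo *ai = NULL;
	int error;
	if (argc != 3)
		return EXIT_FAILURE;
	if (chroot_has_resolv_conf(argv[1]) != 1)
		fprintf(stderr, "no etc/resolv.conf under %s\n", argv[1]);
	/* Resolve first, while the real /etc/resolv.conf is still reachable. */
	error = getaddrinfo(argv[2], NULL, NULL, &ai);
	if (error)
		fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error));
	if (enter_chroot(argv[1]) == -1) {
		perror("chroot"); /* e.g. EPERM: the process was never confined */
		return EXIT_FAILURE;
	}
	/* ai stays valid inside the chroot: connect() with it, then free it. */
	if (ai != NULL)
		freeaddrinfo(ai);
	return EXIT_SUCCESS;
}
```

chroot() requires root, so an unchecked call made as an ordinary user fails and leaves the process outside the chroot with the real /etc/resolv.conf still readable.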
