Morning Glen, Stuart all, yep ... Stuarts comments re chroot glamping vs chroot jails made me gigle all right...
the way I think I have it working is that smokeping and rrdcached are running outside the jail with symbolic links to sockets inside the httpd chroot jail /var/www/... and httpd picks up those sockets and plays with them inside the jail... relevant output from my ps -aux list USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND _smokepi 98525 9.7 1.3 98040 111580 ?? S 6:31AM 1:03.00 /usr/bin/perl /usr/local/bin/smokeping_cgi /etc/smokeping/config _rrdcach 67082 0.0 0.1 9272 7952 ?? S 6:31AM 0:03.21 /usr/local/bin/rrdcached -b /var/db/smokeping -B -m 770 -l unix:/var/www/run/rrd _smokepi 25394 0.0 0.1 43244 10536 ?? I 6:31AM 0:00.03 /usr/bin/perl /usr/local/bin/smokeping _smokepi 57899 0.0 0.3 43752 21276 ?? S 6:31AM 0:01.31 perl: /usr/local/bin/smokeping [FPing] (perl) _smokepi 74710 0.4 0.3 43244 21480 ?? S 6:31AM 0:03.49 perl: /usr/local/bin/smokeping [DNS] (perl) _smokepi 76253 0.2 0.0 2892 2916 ?? Sp 6:47AM 0:00.15 /usr/local/sbin/fping -C 61 -q -B1 -r1 -b64 -t125 -i10 -p1 10.20.127.2 10.139.25....... when I get around to it ... I would like rrdcached and smokeping in another / separate glamping site / luxury chroot jail to the cgi binary... Comments thoughts welcome ... On Wed, 8 Mar 2023 at 19:26, Glen Gunsalus <g-gunsa...@mindspring.com> wrote: > > > On 3/7/23 15:33, Stuart Henderson wrote: > > On 2023-03-07, Glen Gunsalus <g-gunsa...@mindspring.com> wrote: > >> To get this running cp'd perl (/usr/bin/perl) and relevant perl libs > >> (/usr/lib/[libs.so|libm.so|libperl.so] /usr/libexec/ld.so) to > >> /var/www/usr/[bin|lib|libexec] > > > > You shouldn't need that bit (and it is safer not to) - smokeping_fcgi > > does not chroot. > > > > > Hmm, I did this on the basis of a post by you (5/11/20) in response to Tom > (5/10/20) which I interpreted as needing several files moved into www "jail." > > ----------------quote-------------------------- > bgplg is designed to run in a jail, it is a small C program and even > then it needs specially compiled versions of the external dependencies > (ping, bgpctl etc). > > Smokeping isn't - if you want to run the graph generating part of > smokeping (i.e. the cgi/fcgi script) inside a chroot jail, a whole lot > more is needed - a copy of perl and various modules, rrdtool, > rrdtool's library dependencies, fonts, and I think there were config > files for some of the libraries. I did this in the past but it's a > real mess and easy to break at update time, and the amount of things > copied in means that the chroot ends up more as "luxury camping" than > "jail" 😉 > ----------------end quote------------------- > > I had been running smokeping and mrtg with apache for a number of years, but > when OpenBSD abandoned apache I looked at nginx for transition then httpd > came along and looked both more attractive and likely to be more long lived > under OpenBSD. > > It was Tom's post that got me started down the httpd path. I have been > running with httpd since that time. > I can't remember the details, but think I initially tried w/o the cp'd files, > but was not successful so began incrementally moving goodies into /var/www > until it worked. > I will try rm'ing or mv'ing those in /var/www and see how it goes. > > Thanks for your help. > > Regards, Glen > -- Kindest regards, Tom Smyth.
