in chroot -- convert: can't load library ...
Hello!

I'm playing with a fresh install of OpenBSD 3.7 running Apache in a chroot jail (/var/www/). My website requires ImageMagick to generate thumbnails and scaled images, so I installed the ImageMagick-6.0.0-2p3-no_x11.tgz package. I copied /usr/local/bin/convert into /var/www/bin/. Accordingly, I set up an environment for convert with the hierarchy of all its dynamic library dependencies retrieved from ldd:

/usr/local/bin/convert:
        Start    End      Type Ref Name
                          exe  1   /usr/local/bin/convert
        05782000 2581e000 rlib 1   /usr/local/lib/libMagick.so.6.1
        01eb6000 21ebc000 rlib 2   /usr/local/lib/libjbig.so.1.2
        0f64e000 2f659000 rlib 2   /usr/local/lib/liblcms.so.1.12
        0f91c000 2f93f000 rlib 2   /usr/local/lib/libtiff.so.36.1
        04aa5000 24ab4000 rlib 2   /usr/local/lib/libjasper.so.1.0
        018eb000 218f1000 rlib 2   /usr/local/lib/libjpeg.so.62.0
        04d4e000 24d55000 rlib 2   /usr/local/lib/libpng.so.4.1
        0b40d000 2b411000 rlib 2   /usr/local/lib/libbz2.so.10.2
        009b7000 209ea000 rlib 2   /usr/local/lib/libxml2.so.9.0
        0245b000 22537000 rlib 2   /usr/local/lib/libiconv.so.4.0
        0a49b000 2a4a3000 rlib 3   /usr/lib/libz.so.4.0
        0df8 2df87000     rlib 4   /usr/lib/libm.so.2.0
        056bb000 256f2000 rlib 1   /usr/lib/libc.so.34.2
        0aa86000 0aa86000 rtld 1   /usr/libexec/ld.so

However, convert does not seem to find those libraries. Additionally, convert complains about a different library every time it is run inside the chroot. For example:

# convert
convert: can't load library 'libtiff.so.36.1'
# convert
convert: can't load library 'libpng.so.4.1'
# convert
convert: can't load library 'libjbig.so.1.2'
# convert
convert: can't load library 'libpng.so.4.1'
# convert
convert: can't load library 'libbz2.so.10.2'
# convert
convert: can't load library 'liblcms.so.1.12'
# convert
convert: can't load library 'libjasper.so.1.0'
# convert
convert: can't load library 'libxml2.so.9.0'

What must I do for convert to find those libraries and run successfully? Thanks for any feedback!

Serban Giuroiu
http://javatheory.net
Re: in chroot -- convert: can't load library ...
Hey, Dennis.

I moved the libs into usr/lib/ in the chroot as you recommended, created var/run/ in the chroot, and ran ldconfig, leaving ld.so.hints in var/run/. After copying over some other ImageMagick files, convert runs without any problems. Thanks!

--- Dennis Nasarov <[EMAIL PROTECTED]> wrote:
> Hello Serban,
>
> Try to put libraries libtiff libpng etc... in $CHROOT/usr/lib and
> check the $CHROOT/usr/libexec/ld.so.hints is present :)
>
> Hope it helps... :)
>
> Friday, May 27, 2005, 10:03:37 AM, you wrote:
>
> > Hello!
> >
> > I'm playing with a fresh install of OpenBSD 3.7
> > running Apache in a chroot jail (/var/www/). My
> > website requires ImageMagick to generate thumbnails
> > and scaled images, so I installed the
> > ImageMagick-6.0.0-2p3-no_x11.tgz package. I copied
> > /usr/local/bin/convert into /var/www/bin/.
> > Accordingly, I set up an environment for convert with
> > the hierarchy of all its dynamic library dependencies
> > retrieved from ldd:
> >
> > /usr/local/bin/convert:
> >         Start    End      Type Ref Name
> >                           exe  1   /usr/local/bin/convert
> >         05782000 2581e000 rlib 1   /usr/local/lib/libMagick.so.6.1
> >         01eb6000 21ebc000 rlib 2   /usr/local/lib/libjbig.so.1.2
> >         0f64e000 2f659000 rlib 2   /usr/local/lib/liblcms.so.1.12
> >         0f91c000 2f93f000 rlib 2   /usr/local/lib/libtiff.so.36.1
> >         04aa5000 24ab4000 rlib 2   /usr/local/lib/libjasper.so.1.0
> >         018eb000 218f1000 rlib 2   /usr/local/lib/libjpeg.so.62.0
> >         04d4e000 24d55000 rlib 2   /usr/local/lib/libpng.so.4.1
> >         0b40d000 2b411000 rlib 2   /usr/local/lib/libbz2.so.10.2
> >         009b7000 209ea000 rlib 2   /usr/local/lib/libxml2.so.9.0
> >         0245b000 22537000 rlib 2   /usr/local/lib/libiconv.so.4.0
> >         0a49b000 2a4a3000 rlib 3   /usr/lib/libz.so.4.0
> >         0df8 2df87000     rlib 4   /usr/lib/libm.so.2.0
> >         056bb000 256f2000 rlib 1   /usr/lib/libc.so.34.2
> >         0aa86000 0aa86000 rtld 1   /usr/libexec/ld.so
> >
> > However, convert does not seem to find those
> > libraries. Additionally, convert complains about a
> > different library every time it is run inside the
> > chroot. For example:
> >
> > # convert
> > convert: can't load library 'libtiff.so.36.1'
> > # convert
> > convert: can't load library 'libpng.so.4.1'
> > # convert
> > convert: can't load library 'libjbig.so.1.2'
> > # convert
> > convert: can't load library 'libpng.so.4.1'
> > # convert
> > convert: can't load library 'libbz2.so.10.2'
> > # convert
> > convert: can't load library 'liblcms.so.1.12'
> > # convert
> > convert: can't load library 'libjasper.so.1.0'
> > # convert
> > convert: can't load library 'libxml2.so.9.0'
> >
> > What must I do for convert to find those libraries and
> > run successfully? Thanks for any feedback!
> >
> > Serban Giuroiu
> > http://javatheory.net
>
> --
> Dennis Nasarov
> http://pheonix.sysattack.com/

Serban Giuroiu
http://javatheory.net
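
The fix reported in this thread (libraries under usr/lib in the chroot, plus var/run for ld.so.hints) can be scripted so that only the objects ldd lists end up in the jail. This is an added example, not code from either poster; the function names are hypothetical, and it assumes ldd output in the layout quoted above and that ld.so belongs at its own absolute path inside the chroot.

```sh
#!/bin/sh
# Added example, not from the thread. Reads ldd output in the layout quoted
# above ("[start end] type ref path"). All function names are hypothetical.

# Print "type path" for each shared library (rlib) and the run-time linker (rtld).
ldd_objects() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "rlib" || $i == "rtld") { print $i, $NF; break } }'
}

# Destination inside the chroot: libraries go to usr/lib (the layout that
# worked in the thread); ld.so keeps its absolute path (an assumption here).
chroot_dest() {   # usage: chroot_dest CHROOT TYPE PATH
    case $2 in
        rlib) printf '%s/usr/lib/%s\n' "$1" "${3##*/}" ;;
        rtld) printf '%s%s\n' "$1" "$3" ;;
    esac
}

# Copy every listed object into the chroot and create var/run for
# ld.so.hints. Returns non-zero if any object could not be copied.
stage_chroot() {  # usage: ldd /usr/local/bin/convert | stage_chroot /var/www
    mkdir -p "$1/usr/lib" "$1/var/run" || return 1
    ldd_objects | (
        rc=0
        while read -r type path; do
            dest=$(chroot_dest "$1" "$type" "$path")
            { mkdir -p "${dest%/*}" && cp -p "$path" "$dest"; } || {
                echo "stage_chroot: cannot copy $path" >&2; rc=1; }
        done
        exit "$rc"
    )
}

# Report what is still missing inside the chroot; prints nothing when complete.
check_chroot() {  # usage: ldd /usr/local/bin/convert | check_chroot /var/www
    ldd_objects | while read -r type path; do
        dest=$(chroot_dest "$1" "$type" "$path")
        [ -f "$dest" ] || echo "missing: ${dest#$1}"
    done
    [ -f "$1/var/run/ld.so.hints" ] || echo "missing: /var/run/ld.so.hints"
}
```

ld.so.hints itself still has to be generated with ldconfig, as in the reply; check_chroot keeps reporting it until the file exists under var/run in the chroot.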
Some Sites Don't Load Behind pf NAT
Hello.

I have an OpenBSD 3.7 box set up as a router and server for my home network. It connects to the Internet through the kernel PPPoE driver. Naturally, I use pf on that box. Everything runs smoothly, but there are certain websites that do not load properly from machines behind the NAT router. When trying to access http://mail.yahoo.com or http://linuxhardware.org, an initial connection is made, but no further data comes in as the web browser sits and waits. However, if I open those pages in lynx from the OpenBSD box, they load without any problems. Most other websites load correctly from all machines on my network.

Searching Google, I found a similar problem posted to this list a couple years ago in which an MTU setting and fragmentation were the cause of the strange behavior (http://www.monkey.org/openbsd/archive/tech/0211/msg00163.html). The poster added "scrub out all no-df max-mss 1452" to his pf configuration and that fixed his problem. As recommended in the pppoe(4) man page, I set the MSS for the pppoe interface to 1440. I played around with different MSS's and scrubbing out the DF bit, but my problem remains.

Does anyone know what is causing this strange problem and how to fix it? My pf.conf (without queueing rules and bloat) looks like this:

---
ppp = "pppoe0"
table { 172.16.0.0/22 }

scrub random-id
scrub fragment reassemble
scrub reassemble tcp
scrub out on $ppp max-mss 1440

nat pass on $ppp from to ! -> ($ppp)

# allow connection to ssh & apache from the outside
pass quick on $ppp proto tcp from any to ($ppp) port {22, 80}

# prevent other tcp connection attempts
block in on $ppp proto tcp from any to ($ppp) flags S/SA

# don't allow routing of packets to where they
# should not go
block in on $ppp from any to !($ppp)
block out on $ppp from !($ppp) to any
-------

Serban Giuroiu
http://javatheory.net
Re: Some Sites Don't Load Behind pf NAT
--- j knight <[EMAIL PROTECTED]> wrote:
> > scrub random-id
> > scrub fragment reassemble
> > scrub reassemble tcp
> > scrub out on $ppp max-mss 1440
>
> These scrub rules aren't doing what you think they're doing. "scrub" is
> a rule, not an option such as the "set" parameters. The first matching
> scrub rule wins. pfctl -vvsr and see just which rules are having an
> effect.

Oops, you're right about that, Joel! Well, I condensed my normalization rules down to

scrub in all fragment reassemble random-id
scrub out on $ppp max-mss 1440

and my problem is now fixed. Thanks everyone who gave input!

Serban Giuroiu
http://javatheory.net
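
The first-match behaviour described in this reply explains why the original max-mss rule never applied: the unqualified "scrub random-id" matched every packet first. The script below is an added example, not from the thread and not pf's own parser; it is a simplified model that looks only at the direction and "on <interface>" parts of the quoted rules, with $ppp expanded to pppoe0 and hypothetical function names.

```sh
#!/bin/sh
# Added example, not from the thread: a simplified model of scrub rule
# selection ("first matching scrub rule wins"). It understands only the
# direction and "on <if>" parts of the rules quoted in the thread.

# usage: first_scrub DIR IFACE < rules   -> prints the first matching rule
first_scrub() {
    awk -v dir="$1" -v ifc="$2" '
        $1 != "scrub" { next }
        {
            rdir = ""; rif = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "in" || $i == "out") rdir = $i
                else if ($i == "on") { i++; rif = $i }
            }
            # An omitted direction or interface matches any packet.
            if ((rdir == "" || rdir == dir) && (rif == "" || rif == ifc)) {
                print; exit
            }
        }'
}

original_rules() {   # the four rules from the first post, $ppp expanded
    cat <<'EOF'
scrub random-id
scrub fragment reassemble
scrub reassemble tcp
scrub out on pppoe0 max-mss 1440
EOF
}

fixed_rules() {      # the two rules from the final reply
    cat <<'EOF'
scrub in all fragment reassemble random-id
scrub out on pppoe0 max-mss 1440
EOF
}

# Packet leaving the PPPoE interface: which rule normalizes it?
original_rules | first_scrub out pppoe0   # scrub random-id
fixed_rules    | first_scrub out pppoe0   # scrub out on pppoe0 max-mss 1440
```

On the router itself, pfctl -vvsr, as suggested in the reply, is the check against the loaded ruleset.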