[peruser] peruser, mod_security and chroot
pete
pete at only4fun.org
Wed Aug 20 05:52:50 MDT 2008
Hello,
Anybody running peruser with mod_security?
Im having strange issue with this combo.
I guess it has something todo with peruser.
My error_log(s) are filling with "global mutex - permission denied".
Still it looks like every site running on this server is working properly.
So its not fatal, but i dont like that error :)
-------------------------------------------------------------------------------------------
[Wed Aug 20 14:47:26 2008] [error] [client 192.194.76.43] ModSecurity:
Audit log: Failed to lock global mutex: Permission denied [hostname
"www.domain.info"] [uri "/keskustelu/index.php"] [unique_id
"xLRtEX8AAAEAAG8gaOkAAAFl"]
[Wed Aug 20 14:47:26 2008] [error] [client 192.194.76.43] ModSecurity:
Audit log: Failed to unlock global mutex: Permission denied [hostname
"www.domain.info"] [uri "/keskustelu/index.php"] [unique_id
"xLRtEX8AAAEAAG8gaOkAAAFl"]
-------------------------------------------------------------------------------------------
Other part of this message I would like to ask about chroot capabilities
inside peruser. Is anyone using this feature in production?
I try it quickly but it of course want /bin /etc so on.
Anybody have good list about files it needs?
Sites actually working good, but it need at least /etc/hosts.
And it looks like it does not support DNS at all. I guess it need some
shared lib?
Is there anyway to go around mysqld.sock errors.
that sock of course is in /var/run/mysql and after chroot user has no
right to go outside chroot. I could do hard-link, but every time i reboot
apache i needed todo that hard-link again. Not an option :/
All other hints are welcome also.
Thanks! :)
Regards,
Pete
More information about the Peruser
mailing list