Hello World!
I created my own service for a Node.js app with chroot enabled that I host on my machine for some people to see through the network. Unfortunately the service failed and there is no log in journalctl; the only thing that I get is what I get from systemctl status:
soda.service - Soda's book
Loaded: loaded (/usr/lib/systemd/system/soda.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2019-04-09 20:18:14 ADT; 3s ago
Process: 29132 ExecStart=/nodejs/bin/node /bundle/main.js (code=exited, status=210/CHROOT)
I didn't find anything useful on freedesktop.org because I couldn't get any meaningful log. I googled using the search terms "systemd (code=exited, status=210/CHROOT)" and nothing useful came up.
This is my unit file
[Unit]
Description=Soda's book
After=network.target mongodb.service
[Service]
Type=simple
User=web
Group=web
Environment=MONGO_URL='mongodb://soda:dev@naruto:57017/soda' PORT='3003' ROOT_URL='http://localhost:3003'
RootDirectory=/web
ExecStart=/nodejs/bin/node /bundle/main.js
[Install]
WantedBy=multi-user.target

The service works as expected if I don't use RootDirectory=
ls -ld /web
drwxrwxr-x 4 web web 4.0K Apr 8 19:50 /web
thanks for your time, I appreciate any help! :-)
Last edited by juanp_1982 (2019-04-10 17:57:24)
What do you think RootDirectory= does ? And what do you actually intend to do with that line, why would you want to set it (or any of the directory specifications in the first place)?
Last edited by V1del (2019-04-10 08:17:54)
Hi V1del! (I like your username, I'm a big fan of DB too)
What do you think RootDirectory= does ? And what do you actually intend to do with that line, why would you want to set it (or any of the directory specifications in the first place)?
my goal is to chroot jail my app to increase security. I want to cut access to my file system from my app. I have all I need (as far as I remember) under /web directory and this is the directory that I want to isolate
If you manually execute chroot does that succeed?
If you manually execute chroot does that succeed?
I didn't think of doing that until you mentioned it (thanks for this)
this has helped me to understand better how systemd would create and work with chroot,
I had to:
cd /web
mkdir usr/{bin,lib}
ln -s usr/bin bin
ln -s usr/lib lib64
ln -s usr/lib lib
sudo mount -B /usr/lib /web/usr/lib
sudo mount -B /usr/bin /web/usr/bin
sudo chroot --userspec=web:web /web

on the systemd unit file side, I'm looking into
# keep in mind that the symlinks and new directories from the previous step will remain there
BindReadOnlyPaths=/usr/bin:/usr/bin
BindReadOnlyPaths=/usr/lib:/usr/lib

so in conclusion, chroot was failing because it didn't find bash, which is the default process. Now I have a new problem, but it's beyond this post
thanks for the hint!
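An added example, not written by anyone in this thread: a preflight check that reports which paths a service would be unable to find once a directory such as /web becomes its root, resolving symlinks the way a chrooted process sees them. The function names and the demo tree are constructed for illustration; the demo deliberately makes lib64 an absolute symlink (the post uses relative ones) to show that an absolute target is looked up inside the new root, not on the host.

```sh
# resolve_in_root ROOT PATH: print the host path that PATH names once ROOT is "/",
# following symlinks as a chrooted process would (absolute targets restart at ROOT).
# Returns 1 if a component is missing. All function names here are hypothetical.
resolve_in_root() {
  r_root=${1%/} r_todo=$2 r_cur= r_hops=0
  while :; do
    while [ "${r_todo#/}" != "$r_todo" ]; do r_todo=${r_todo#/}; done
    [ -n "$r_todo" ] || break
    r_comp=${r_todo%%/*}
    case $r_todo in */*) r_todo=${r_todo#*/} ;; *) r_todo= ;; esac
    case $r_comp in
      .) continue ;;
      ..) r_cur=${r_cur%/*}; continue ;;        # ".." at the top stays at ROOT
    esac
    if [ -L "$r_root$r_cur/$r_comp" ]; then
      r_hops=$((r_hops + 1)); [ "$r_hops" -le 40 ] || return 1   # symlink loop
      r_link=$(readlink "$r_root$r_cur/$r_comp")
      case $r_link in /*) r_cur= ;; esac        # absolute target: restart at ROOT
      r_todo=$r_link/$r_todo
    elif [ -e "$r_root$r_cur/$r_comp" ]; then
      r_cur=$r_cur/$r_comp
    else
      return 1
    fi
  done
  printf '%s\n' "$r_root${r_cur:-/}"
}

# missing_in_root ROOT PATH...: report each PATH that does not exist inside ROOT.
missing_in_root() {
  m_root=$1; shift; m_rc=0
  for m_p in "$@"; do
    resolve_in_root "$m_root" "$m_p" >/dev/null ||
      { echo "missing inside $m_root: $m_p"; m_rc=1; }
  done
  return "$m_rc"
}

# Constructed demo tree shaped like the /web layout in the post (empty stand-in files).
make_demo_root() {
  d=$(mktemp -d) && mkdir -p "$d/usr/bin" "$d/usr/lib" "$d/nodejs/bin" &&
    ln -s usr/bin "$d/bin" && ln -s usr/lib "$d/lib" && ln -s /usr/lib "$d/lib64" &&
    : > "$d/usr/lib/libc.so.6" && : > "$d/nodejs/bin/node" && echo "$d"
}

demo=$(make_demo_root)
missing_in_root "$demo" /nodejs/bin/node /lib64/libc.so.6 /bin/bash /bundle/main.js || true
rm -rf "$demo"
```

For a real unit, pass the ExecStart= binary, its script, and every library path that ldd prints for that binary. Paths supplied only through BindReadOnlyPaths= are mounted inside the service's own namespace at start, so they are not visible to this on-disk check.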
Yes, this is why I was asking whether you knew what should actually happen here.
Please mark this thread as [SOLVED] by editing the title in your first post and make a new thread for your new problem if necessary.