update: [grsec] apache denied attach of shared memory outside of chroot

Falk Hackenberger - MediaTransfer AG Netresearch & Consulting f.hackenberger at mediatransfer.com
Tue Jun 28 06:42:31 EDT 2005


Matt Kettler wrote:
> Falk Hackenberger - MediaTransfer AG Netresearch & Consulting wrote:
> 
>>why want the apache  attach of shared memory outside of chroot?
>>
>>how to do find out the reason for this?
>>
>>the apache 1.3.33 is build with mod_ssl,php and the
>>jakarta-tomcat-connector.

> Is tomcat inside the same chroot as apache?

yes, the tomcat is in the same chroot.
need  mount the tmpfs in the chroot?
the /dev-Dir in the chroot hold only /dev/null,
the tomcat and the apache are started by 2 independent scripts.
maybe there is a problem?

the problem ist not solved, but i guess you are right it has to do with
tomcat...

a other problem is, that the httpd dies with signal 11

grsec: From X: signal 11 sent to
/chroot/usr/local/apache/bin/httpd[httpd:31960] uid/euid:1000/1000
gid/egid:103/103, parent
/chroot/apache/usr/local/apache/bin/httpd[httpd:26619] uid/euid:0/0
gid/egid:0/0

any hints?


thanx falk


More information about the grsecurity mailing list