[Bug 1251939] Re: Chroot fails with "Cannot chroot when not started as root" error

Robie Basak 1251939 at bugs.launchpad.net
Thu Nov 28 17:40:10 UTC 2013 

** Description changed:

+ [Impact]
+ 
+ The Apache ChrootDir doesn't work, causing Apache to fail if you try to
+ use it. This means that it is not possible to run Apache in a chroot,
+ which is a regression from 13.04.
+ 
+ [Development Fix]
+ 
+ Adjust build system to not use things inside .pc/. This also requires
+ the regeneration of debian/patches/itk-rerun-configure.patch.
+ 
+ [Stable Fix]
+ 
+ Same as development fix.
+ 
+ [Test Case]
+ 
+ In included dep8 test. Install dpkg-dev and wget, then run "sh
+ debian/tests/chroot". This requires root, and will clobber your Apache
+ installation, so do this only on a fresh install that you can throw away
+ afterwards.
+ 
+ [Regression Potential]
+ 
+ Having to adjust the build system is not ideal, and could impact
+ anything. But what was being done before is obviously flawed, and could
+ introduce other problems not yet reported.
+ 
+ On balance, I think it is worth the SRU, since the unknowns also include
+ other bugs that we don't know about.
+ 
+ It might be worth mandating additional verification here, though, or a
+ longer than normal aging period.
+ 
+ I will leave the SRU team to decide.
+ 
+ [Original Description]
+ 
  I have set my chroot directory as shown below.
  
  ChrootDir /var/www
  
  When started with the above chroot setting, apache2 exits with the
  following error
  
  [Sat Nov 16 13:52:40.621872 2013] [unixd:alert] [pid 3747] (34)Numerical
  result out of range: AH02158: Cannot chroot when not started as root
  
  NOTE: apache2 is started as 'root' user. This was reported as a bug in apache.org earlier (link below) where it was confirmed this is fixed in a trunk.
  https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
  
  Details of my Ubuntu server:
  -------------------------------------------------
- root at gorilla:~# cat /etc/lsb-release 
+ root at gorilla:~# cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=13.10
  DISTRIB_CODENAME=saucy
  DISTRIB_DESCRIPTION="Ubuntu 13.10"
  
  root at gorilla:~# apache2ctl -v
  Server version: Apache/2.4.6 (Ubuntu)
  Server built:   Aug  9 2013 14:31:04
  
  root at gorilla:~# apache2ctl -l -M
  Compiled in modules:
-   core.c
-   mod_so.c
-   mod_watchdog.c
-   http_core.c
-   mod_log_config.c
-   mod_logio.c
-   mod_version.c
-   mod_unixd.c
-   mod_unixd.c
+   core.c
+   mod_so.c
+   mod_watchdog.c
+   http_core.c
+   mod_log_config.c
+   mod_logio.c
+   mod_version.c
+   mod_unixd.c
+   mod_unixd.c

** Description changed:

  [Impact]
  
- The Apache ChrootDir doesn't work, causing Apache to fail if you try to
- use it. This means that it is not possible to run Apache in a chroot,
- which is a regression from 13.04.
+ The Apache ChrootDir directive doesn't work, causing Apache to fail if
+ you try to use it. This means that it is not possible to run Apache in a
+ chroot, which is a regression from 13.04.
  
  [Development Fix]
  
  Adjust build system to not use things inside .pc/. This also requires
  the regeneration of debian/patches/itk-rerun-configure.patch.
  
  [Stable Fix]
  
  Same as development fix.
  
  [Test Case]
  
  In included dep8 test. Install dpkg-dev and wget, then run "sh
  debian/tests/chroot". This requires root, and will clobber your Apache
  installation, so do this only on a fresh install that you can throw away
  afterwards.
  
  [Regression Potential]
  
  Having to adjust the build system is not ideal, and could impact
  anything. But what was being done before is obviously flawed, and could
  introduce other problems not yet reported.
  
  On balance, I think it is worth the SRU, since the unknowns also include
  other bugs that we don't know about.
  
  It might be worth mandating additional verification here, though, or a
  longer than normal aging period.
  
  I will leave the SRU team to decide.
  
  [Original Description]
  
  I have set my chroot directory as shown below.
  
  ChrootDir /var/www
  
  When started with the above chroot setting, apache2 exits with the
  following error
  
  [Sat Nov 16 13:52:40.621872 2013] [unixd:alert] [pid 3747] (34)Numerical
  result out of range: AH02158: Cannot chroot when not started as root
  
  NOTE: apache2 is started as 'root' user. This was reported as a bug in apache.org earlier (link below) where it was confirmed this is fixed in a trunk.
  https://issues.apache.org/bugzilla/show_bug.cgi?id=55787
  
  Details of my Ubuntu server:
  -------------------------------------------------
  root at gorilla:~# cat /etc/lsb-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=13.10
  DISTRIB_CODENAME=saucy
  DISTRIB_DESCRIPTION="Ubuntu 13.10"
  
  root at gorilla:~# apache2ctl -v
  Server version: Apache/2.4.6 (Ubuntu)
  Server built:   Aug  9 2013 14:31:04
  
  root at gorilla:~# apache2ctl -l -M
  Compiled in modules:
    core.c
    mod_so.c
    mod_watchdog.c
    http_core.c
    mod_log_config.c
    mod_logio.c
    mod_version.c
    mod_unixd.c
    mod_unixd.c

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1251939

Title:
  Chroot fails with "Cannot chroot when not started as root" error

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1251939/+subscriptions

More information about the Ubuntu-server-bugs mailing list