How to run sybase in a chroot jail?

Support for security such as Firewalls and securing linux
Post Reply
jetbright
Posts: 2
Joined: 2012/09/20 02:03:34

How to run sybase in a chroot jail?

Post by jetbright » 2012/09/20 03:00:26

How to run sybase in a chroot jail.

Hi!

I need to run sybase-11.0.3.3 or 11.9.2 on centos5.
Because the glibc-2.5-24 of centos5 is too newer for sybase-11 and the known “seg fault” problem, I make a plan to install and run sybase11 in a chroot jail on centos5.
And in the chroot jail, there is a glibc-2.2.93 from Redhat8.0.
I've made many researches.
I've succeeded once (sybase11.0.3.3 running ok ), then I deleted the virtual machine since I thought all things were ok.
But after that, I've never succeeded and I still got the “segmentation fault” when booting the sybase server.
I think that something detail was important in that success, but I didn’t notice it.

Any help would be greatly appreciated.

Here’s my steps:

>>>On Redhat8.0:

(1)Install and run a sybase-11.0.3.3 instance. All things are ok.
# ldd $SYBASE/bin/dataserver
/lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0×40013000)
libm.so.6 => /lib/i686/libm.so.6 (0x4001a000)
libc.so.6 => /lib/i686/libc.so.6 (0×42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0×40000000)

>>>On CentOS5:

(2)Make a chroot jail:/home/dbroot. In the jail, there are these dirs:
/bin, /lib, /sbin, /var/lib/rpm, /usr/lib, /usr/bin, /dev, /proc, /sys, /tmp
mount -o bind /proc /home/dbroot/proc
mount -o bind /dev /home/dbroot/dev
mount -o bind /sys /home/dbroot/sys

(3)Move these dirs with all their subdirs & files from Redhat8.0 to CentOS jail(/home/dbroot):
/bin, /lib, /sbin, /var/lib/rpm, /usr/lib, /usr/bin

(4)Configure /etc/chroot.conf and /etc/pam.d/login to make sybase loginning into jail.

(5)In the jail, install sybase11
# chroot /home/dbroot
# ldconfig
# rpm -ivh sybase-11.0.3.3.rpm
# ldd /opt/sybase/bin/dataserver
/lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0x006a4000)
libm.so.6 => /lib/i686/libm.so.6 (0×00446000)
libc.so.6 => /lib/i686/libc.so.6 (0×42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x005d3000)

All seems to be right, the dataserver is based on just the same libraries as those on Redhat8.0.

(6)Login as sybase, of cause it’s into $jail/opt/sybase(/home/dbroot/opt/sybase) now.
$ export LD_POINTER_GUARD=0 (LD_POINTER_GUARD=1 is tried also, no help)
$ sybinit

I still get the “segmentation fault” when trying to boot the server.

It’s so unreasonable!
Login this jail, the /lib that sybase can find only is in jail($jail/lib).
And the only glibc that sybase can address is the glibc-2.2.93 in $jail/lib.
It’s impossible for sybase to find glibc-2.5-24 of CentOS5 out of the jail.
Then, what’s wrong?

User avatar
AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

How to run sybase in a chroot jail?

Post by AlanBartlett » 2012/09/20 20:56:52

Please do not dual-post.

This forum, [i]CentOS 5 - Security Support[/i], is not an appropriate location for your query. Hence it is now locked.

Any assistance, please, to the [url=https://www.centos.org/modules/newbb/viewtopic.php?topic_id=39370&forum=38&post_id=171134#forumpost171134]original posting[/url] in the [i]CentOS 5 - Software Support[/i] forum.

Post Reply