# Chroot Apache



## aquouel (Sep 7, 2009)

Hello,

I am a french user of FreeBSD so excuse me for my futur faults.

I am trying to chroot Apache, but when I start it, I have an error in the log.


```
[crit] (45)Operation not supported: apr_proc_detach failed
Pre-configuration failed
```

On Google, this error is due to the device /dev/null which is not present.

I created this device, but I had always this error.

```
$ ls -l /dev/null 
crw-rw-rw-  1 root  wheel    0,   8 Sep  7 05:50 /dev/null

$ mknod /chroot/dev/null c 0 8
$ chmod 666 /chroot/dev/null
$ ls -l /chroot/dev/null
crw-rw-rw-  1 root  wheel    0,   8 Sep  5 18:27 /chroot/dev/null
```


can you help me please
Thanks a lot


----------



## Alt (Sep 7, 2009)

Look this command at your system. You must copy all of this libraries to relevant directorys in your chroot.

```
# ldd /usr/local/sbin/httpd
/usr/local/sbin/httpd:
        libz.so.4 => /lib/libz.so.4 (0x800683000)
        libaprutil-0.so.9 => /usr/local/lib/apache2/libaprutil-0.so.9 (0x800797000)
        libexpat.so.6 => /usr/local/lib/libexpat.so.6 (0x8008ac000)
        libiconv.so.3 => /usr/local/lib/libiconv.so.3 (0x8009d0000)
        libapr-0.so.9 => /usr/local/lib/apache2/libapr-0.so.9 (0x800bca000)
        libm.so.5 => /lib/libm.so.5 (0x800ceb000)
        libcrypt.so.4 => /lib/libcrypt.so.4 (0x800e05000)
        libc.so.7 => /lib/libc.so.7 (0x800f1e000)
```
Plus, you can try to mount devfs instead of mknod (when i tried to do it with mknod i have not success)


----------



## vivek (Sep 7, 2009)

Chroot apache does not provide complete protection. The best you can do is put apache in jail using FreeBSD jails. 

http://www.freebsd.org/doc/en/books/handbook/jails.html


----------



## aquouel (Sep 7, 2009)

It's good now 

I have mount devfs.

If other users have the same problem, try this :


```
$ mount -t devfs devfs /chroot/dev
$ devfs -m /chroot/dev rule apply path null unhide
```


Alt, Thanks a lot


----------

