On 05/14/14 18:57, Denis Fondras wrote: > Hello all, > > I am burning my last neurons with a behavior I can't explain. I wonder > why getaddrinfo() fails when called after chroot() with root user. > > > I have this piece of code : > > /*--- test.c ---*/ > #include <sys/types.h> > #include <stdio.h> > #include <sys/socket.h> > #include <netdb.h> > #include <pwd.h> > > int main(int argc, char *argv[]) > { > struct addrinfo *ai_out; > struct passwd *pw; > int error; > > pw = getpwnam("_bgpd"); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > chroot(pw->pw_dir); > chdir("/"); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > return 0; > } > /*--- test.c ---*/ > > $ ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > # ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > > > > Everything is good. Now if I compile : > > /*--- test.c ---*/ > #include <sys/types.h> > #include <stdio.h> > #include <sys/socket.h> > #include <netdb.h> > #include <pwd.h> > > int main(int argc, char *argv[]) > { > struct addrinfo *ai_out; > struct passwd *pw; > int error; > > pw = getpwnam("_bgpd"); > > error = 0 > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > chroot(pw->pw_dir); > > error = getaddrinfo("rpki.liopen.eu", NULL, NULL, &ai_out); > if (error) > printf("getaddrinfo() failed\n"); > else printf("getaddrinfo() succeed\n"); > > return 0; > } > /*--- test.c ---*/ > > $ ./a.out > getaddrinfo() succeed > getaddrinfo() succeed > > # ./a.out > getaddrinfo() succeed > getaddrinfo() failed > > > > If this an expected behavior, what would be the preferred way to resolve > a name from a chrooted process ? I am extending OpenBGPd and I need to > resolve domain names and connect to a service (no BGP protocol). I am > currently using the "session" process to handle the connection part but > I am stuck on name resolution for now. > > Thank you in advance, > Denis >
I wonder if you're using the wrong function. There is gethostbyname for forward lookups? Regards, -peter