Eric Wong <normalperson@yhbt.net> wrote:
Mike wrote:
Axel Reinhold wrote:
root@bongo opt]# /opt/ssl/bin/stunnel
[cut]
daemon: No such file or directory (2) removing pid file /var/run/stunnel.pid
[cut]
Using a chroot + daemonizing seems to be the problem; creating /dev/null inside the chroot as a workaround seems to work. However, 4.26 (and probably other non-4.30 versions) worked without needing /dev/null inside the chroot.
Using CentOS 5.4, glibc 2.5 so the daemon() function is available.
There was also a problem with the pid file inside the chroot pointing to an invalid pid.
I've reordered the initialization methods in the below patch which fixes both daemonization and pid files being broken with chroots.
*** /dev/fd/63 2010-01-28 18:05:31.386566649 -0800 --- src/stunnel.c 2010-01-28 17:43:27.000000000 -0800 *************** *** 88,93 **** --- 88,94 ---- ssl_init(); /* initialize SSL library */ sthreads_init(); /* initialize critical sections & SSL callbacks */ parse_commandline(arg1, arg2); + log_open();
#ifdef USE_FIPS if(options.option.fips) { *************** *** 116,135 **** if(!bind_ports()) die(1);
- #ifdef HAVE_CHROOT - change_root(); - #endif /* HAVE_CHROOT */ - #if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2) - drop_privileges(); if(service_options.next) { /* there are service sections -> daemon mode */ - create_pid(); if(!(global_options.option.foreground)) daemonize(); } #endif /* standard Unix */
- log_open(); stunnel_info(); }
--- 117,134 ---- if(!bind_ports()) die(1);
#if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2) if(service_options.next) { /* there are service sections -> daemon mode */ if(!(global_options.option.foreground)) daemonize(); + #ifdef HAVE_CHROOT + change_root(); + #endif /* HAVE_CHROOT */ + drop_privileges(); + create_pid(); } #endif /* standard Unix */
stunnel_info(); }
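Review bot: in the first hunk, log_open() is moved to directly after parse_commandline(arg1, arg2), which puts it ahead of bind_ports(), daemonize(), change_root() and drop_privileges(). The log target is therefore opened with the start-up privileges, with its path resolved outside the chroot, and it has to survive daemonize(). Please confirm that daemonize() does not close or redirect whatever log_open() obtained, and add a comment at the call stating that the early position is deliberate, so a later cleanup does not move it back below drop_privileges().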
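Review bot: in the second hunk, change_root() and drop_privileges() now sit inside the if(service_options.next) { ... } block, whereas the removed lines called them before that condition. As the hunk reads, a start-up without service sections no longer chroots or drops privileges at all. Suggest closing the condition right after daemonize(), calling change_root() and drop_privileges() unconditionally, and then calling create_pid() under a second if(service_options.next). Separately, create_pid() now runs after drop_privileges(), so the pid file directory inside the chroot must be writable by the unprivileged user; that requirement deserves a comment or a note in the documentation.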