|
1
|
# The Server Chroot Jail |
|
2
|
|
|
3
|
If you run Fossil as root in any mode that [serves data on the |
|
4
|
network][srv], and you're running it on Unix or a compatible OS, Fossil |
|
5
|
will drop itself into a [`chroot(2)` jail][cj] shortly after starting |
|
6
|
up. The usual reason for launching Fossil |
|
7
|
as root is to allow it to bind to TCP port 80 for HTTP |
|
8
|
service, since normal users are restricted to ports 1024 and higher. |
|
9
|
|
|
10
|
Fossil uses the owner of the Fossil repository file as its new user |
|
11
|
ID when it drops root privileges. |
|
12
|
|
|
13
|
When Fossil enters a chroot jail, it needs to have all of its dependencies |
|
14
|
inside the chroot jail in order to continue work. There are several |
|
15
|
resources that need to be inside the chroot jail with Fossil in order for |
|
16
|
Fossil to work correctly: |
|
17
|
|
|
18
|
* the repository file(s) |
|
19
|
|
|
20
|
* `/dev/null` — create it with `mknod(8)` inside the jail directory |
|
21
|
([Linux example][mnl], [OpenBSD example][obsd]) |
|
22
|
|
|
23
|
* `/dev/urandom` — ditto |
|
24
|
|
|
25
|
* `/proc` — you might need to mount this virtual filesystem inside the |
|
26
|
jail on Linux systems that make use of [Fossil’s server load |
|
27
|
shedding feature][fls] |
|
28
|
|
|
29
|
* any shared libraries your `fossil` binary is linked to, unless you |
|
30
|
[configured Fossil with `--static`][bld] to avoid it |
|
31
|
|
|
32
|
Fossil does all of this as one of many layers of defense against |
|
33
|
hacks and exploits. You can prevent Fossil from entering the chroot |
|
34
|
jail using the <tt>--nojail</tt> option to the |
|
35
|
[fossil server command](/help/server) |
|
36
|
but you cannot make Fossil hold onto root privileges. Fossil always drops |
|
37
|
root privilege before accepting inputs, for security. |
|
38
|
|
|
39
|
|
|
40
|
[bld]: https://fossil-scm.org/home/doc/trunk/www/build.wiki |
|
41
|
[cj]: https://en.wikipedia.org/wiki/Chroot |
|
42
|
[fls]: ./loadmgmt.md |
|
43
|
[mnl]: https://fossil-scm.org/forum/forumpost/90caff30cb |
|
44
|
[srv]: ./server/ |
|
45
|
[obsd]: ./server/openbsd/fastcgi.md#chroot |
|
46
|
|