README.FULLCHROOT

To use CGI in a chrooted environment you must compile kerkelinn with
FULLCHROOT defined and put your host directory host.domain.tld:port inside a
directory named host.domain.tld%port, which becomes the chroot directory.
If kerkelinn's process has the CAP_SETUID capability (typically because it
runs as root), it will also set its UID and GID to the owner and group of the
chroot directory host.domain.tld%port.

In the example below the chroot directory local.localdomain%80 is owned by
9999:9999 and the host directory inside it by 1003:1003, so the CGI runs as
9999 and has no write access to the served files. The strace excerpt shows
setgid() and setuid() but no setgroups() call, so supplementary groups are
presumably left as inherited; start kerkelinn without any group the CGI
should not have.

Example:

root@dev:~/kerkelinn-1.13 > make
[...]
root@dev:~/kerkelinn-1.13 > ls -la local.localdomain%80/
total 40
drwxr-xr-x 10 9999 9999 1024 2011-02-26 10:02 .
drwxr-xr-x 7 1003 1003 3072 2011-02-26 16:47 ..
drwxr-xr-x 2 root root 5120 2011-02-07 12:49 bin
drwxr-xr-x 136 root root 9216 2011-02-26 10:03 etc
drwxr-xr-x 11 root root 11264 2011-02-07 12:47 lib
drwxr-xr-t 3 1003 1003 1024 2011-02-26 16:45 local.localdomain:80
dr-xr-xr-x 137 root root 0 2010-04-27 13:11 proc
drwxr-xr-x 2 root root 6144 2011-02-07 12:47 sbin
drwxr-xr-x 12 root root 0 2010-04-27 13:11 sys
drwxr-xr-x 12 root root 4096 2009-10-12 12:55 usr
root@dev:~/kerkelinn-1.13 > ls -la local.localdomain%80/local.localdomain\:80/
total 6
drwxr-xr-t 3 1003 1003 1024 2011-02-26 16:45 .
drwxr-xr-x 10 9999 9999 1024 2011-02-26 10:02 ..
-rw-r--r-- 1 1003 1003 23 2001-08-23 21:03 index.html
-rw-r--r-- 1 1003 1003 53 2001-08-23 21:03 index.html.gz
-rw-r--r-- 1 1003 1003 43 2011-02-26 16:13 index.php
root@dev:~/kerkelinn-1.13 > cat local.localdomain%80/local.localdomain\:80/index.php
root@dev:~/kerkelinn-1.13 > export TCPLOCALPORT=80
root@dev:~/kerkelinn-1.13 > { echo 'GET /index.php HTTP/1.1';echo 'Host: local.localdomain';echo;sleep 1; } | strace -s 1024 -f -o /tmp/str ./kerkelinn-chrootcms 2>/dev/null
HTTP/1.0 200 OK
Server: kerkelinn/1.13
Connection: close
X-Powered-By: PHP/5.3.3-7
Content-type: text/html

/index.php
root@dev:~/kerkelinn-1.13 > cat /tmp/str
20150 execve("./kerkelinn-chrootcms", ["./kerkelinn-chrootcms"], [/* 28 vars */]) = 0
20150 rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_NODEFER, 0x804c198}, {SIG_DFL, [], 0}, 8) = 0
20150 time([1298735506]) = 1298735506
20150 poll([{fd=0, events=POLLIN}], 1, 6000) = 1 ([{fd=0, revents=POLLIN}])
20150 read(0, "GET /index.php HTTP/1.1\nHost: local.localdomain\n\n", 8187) = 49
20150 time(NULL) = 1298735506
20150 chroot("local.localdomain%80") = 0
20150 chdir("/") = 0
20150 stat64(".", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
20150 setgid(9999) = 0
20150 setuid(9999) = 0
20150 chdir("local.localdomain:80") = 0
[...]
20150 fork() = 20151
[...]
20151 execve("/usr/bin/php-cgi", ["/usr/bin/php-cgi", "./index.php"], [/* 38 vars */]) = 0
[...]
20151 write(1, "X-Powered-By: PHP/5.3.3-7", 25) = 25
20151 write(1, "\r\n", 2) = 2
20151 write(1, "Content-type: text/html", 23) = 23
20151 write(1, "\r\n", 2) = 2
20151 write(1, "\r\n", 2) = 2
20151 write(1, "/index.php\n", 11) = 11
[...]
20150 write(1, "HTTP/1.0 200 OK\r\nServer: kerkelinn/1.13\r\nConnection: close\r\nX-Powered-By: PHP/5.3.3-7\r\nContent-type: text/html\r\n\r\n/index.php\n", 125) = 125
[...]