Mantis - Resin

ID: 2426
Severity: minor
Reproducibility: always
Date Submitted: 02-11-08 16:57
Last Update: 03-05-08 14:23
Reporter: ferg
Assigned To: ferg
Priority: normal
Status: closed
Product Version: 3.1.4
Resolution: fixed
Projection: none
ETA: none
Fixed in Version: 3.1.6

Summary: 0002426: add chroot
Description: for security

Notes
(0002780) norlab 02-14-08 20:11
Hi Scott,

1.) Will this bug be for chroot for the host/webapp/server? Will it be a way to prevent JRE from accessing server wide resources similar to chroot'ing the entire application?

2.) If possible I would request to have it be effective at the host level.

3.) Will this be available in 3.1.5?

Always impressed and grateful for the Caucho Team.

and thanks.
(0002781) ferg 02-14-08 20:24
See http://caucho.com/resin/doc/resin-watchdog.xtp and look at the ISP section, particularly the <watchdog-manager> section.

It would be a true chroot, not a virtual one, at the <watchdog> level, something like:

<resin ...>
  <watchdog-manager>
    <watchdog id="user1">
      <!-- root of the chroot tree; resin-home and resin-conf are relative to it -->
      <chroot>/var/host1</chroot>

      <!-- unprivileged identity the confined instance runs as -->
      <user-name>user1</user-name>
      <group-name>group1</group-name>

      <resin-home>resin</resin-home>
      <resin-conf>conf/resin.conf</resin-conf>

      <open-port address="host1.com" port="80"/>
    </watchdog>
  </watchdog-manager>
</resin>

chrooting is pretty severe. You need to add a copy of the JDK and Resin and stuff like /etc/resolv.conf if the application uses it.

If the application binds to port 80 or 8080 it would need its own IP, although you could set up a Resin load balancer on a web-tier and dispatch to different chrooted virtual hosts.

Unfortunately, 3.1.5 might not be possible. (Depending... it might be easier to implement than it would be to document or configure. The complication is all on the administrator's end.)
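The note above points out that the burden of a real chroot falls on the administrator: the JDK, Resin itself and files such as /etc/resolv.conf all have to be copied into the tree. The script below is an added example (not Resin's code and not from this thread) that parses the <watchdog> sketch above and pre-flights the tree it names. The JDK location (jdk/bin/java under the chroot root) and the scratch-directory layout are assumptions made for the example; Resin does not prescribe them.

```python
"""Pre-flight check for a Resin <watchdog> chroot tree (added example)."""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed copy of the <watchdog> sketch from the note, closed into well-formed XML.
SAMPLE_CONFIG = """\
<resin>
  <watchdog-manager>
    <watchdog id="user1">
      <chroot>/var/host1</chroot>
      <user-name>user1</user-name>
      <group-name>group1</group-name>
      <resin-home>resin</resin-home>
      <resin-conf>conf/resin.conf</resin-conf>
      <open-port address="host1.com" port="80"/>
    </watchdog>
  </watchdog-manager>
</resin>
"""

# Files the note says must be copied in. JDK_REL is an assumed layout
# (jdk/bin/java under the chroot root), not something Resin defines.
JDK_REL = "jdk/bin/java"
RESOLV_REL = "etc/resolv.conf"


def parse_watchdogs(xml_text):
    """Extract the chroot-relevant fields of every <watchdog> element."""
    root = ET.fromstring(xml_text)
    out = []
    for wd in root.iter("watchdog"):
        out.append({
            "id": wd.get("id"),
            "chroot": wd.findtext("chroot"),
            "user": wd.findtext("user-name"),
            "group": wd.findtext("group-name"),
            "resin_home": wd.findtext("resin-home"),
            "resin_conf": wd.findtext("resin-conf"),
            "ports": [(p.get("address"), int(p.get("port")))
                      for p in wd.findall("open-port")],
        })
    return out


def check_chroot_tree(wd, chroot_root=None):
    """Return a list of problems with the tree; an empty list means it looks complete.

    chroot_root lets a caller point at a scratch directory instead of /var/host1.
    """
    root = chroot_root if chroot_root is not None else wd["chroot"]
    problems = []
    if not wd["user"] or not wd["group"]:
        problems.append("watchdog %s: user-name/group-name missing, process would keep root" % wd["id"])
    if not os.path.isdir(root):
        problems.append("chroot %s does not exist" % root)
        return problems
    # Inside the chroot, resin-home and resin-conf resolve against its root,
    # so they are checked there rather than on the host filesystem.
    required = [
        ("resin-home", wd["resin_home"]),
        ("resin-conf", wd["resin_conf"]),
        ("JDK copy", JDK_REL),
        ("resolver config", RESOLV_REL),
    ]
    for label, rel in required:
        if not os.path.exists(os.path.join(root, rel)):
            problems.append("%s missing inside chroot: %s" % (label, rel))
    # A chroot root writable by group/other lets the confined process (or a
    # neighbouring instance) plant files the watchdog will trust.
    mode = stat.S_IMODE(os.stat(root).st_mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("chroot root %s is group/other writable (mode %o)" % (root, mode))
    return problems


def privileged_ports(wd):
    """Ports below 1024 that the watchdog has to open before dropping to user-name."""
    return [(addr, port) for addr, port in wd["ports"] if port < 1024]


def build_demo_tree(base, wd, with_resolv=True):
    """Construct a stand-in tree of empty files under base (no real JDK or Resin)."""
    rels = [wd["resin_home"] + "/lib/resin.jar", wd["resin_conf"], JDK_REL]
    if with_resolv:
        rels.append(RESOLV_REL)
    for rel in rels:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    os.chmod(base, 0o755)
    return base


def demo(with_resolv):
    """Run the check against a scratch tree and return the problem list."""
    wd = parse_watchdogs(SAMPLE_CONFIG)[0]
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp, wd, with_resolv=with_resolv)
        return check_chroot_tree(wd, tmp)


if __name__ == "__main__":
    print("incomplete tree:", demo(False))
    print("complete tree:", demo(True))
    print("privileged ports:", privileged_ports(parse_watchdogs(SAMPLE_CONFIG)[0]))
```

Run it against the real tree by calling check_chroot_tree(wd) with no override once /var/host1 has been populated; the privileged-port list is the set of bindings that still need root before the instance changes to user1, which is also why the note says a port-80 instance needs its own IP.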
(0002783) norlab 02-15-08 14:45
Hi Scott,

So, for lack of a better term, this would end up being a virtualized instance? The install would be with separate JRE files, resin app, etc? However sharing the same OS?

We would run a load balancer to distribute to the backend JVMs or backend virtual instances. We would also start each host instance with a separate JVM and hence a different chroot location.

If unable to roll this out with 3.1.5, we will start with using the new securitymanager changes and monitor server performance. However, as you suggested I think a better way is with chroot and separate JVM instances.

This does seem like a great feature once completed and a real good move in helping to make ISP environments more secure. And once again thanks, tons of thanks for providing a great product.