[stunnel-users] after 4.30 no more working

Eric Wong normalperson at yhbt.net
Fri Jan 29 03:10:31 CET 2010


Eric Wong <normalperson at yhbt.net> wrote:
> Mike wrote:
> > Axel Reinhold wrote:
> > > root at bongo opt]# /opt/ssl/bin/stunnel
> > [cut]
> > > daemon: No such file or directory (2)
> > > removing pid file /var/run/stunnel.pid
[cut]
> Using a chroot + daemonizing seems to be the problem, creating /dev/null
> inside the chroot as a workaround seems to work.  However, 4.26 (and
> probably other non-4.30 versions) worked without needing /dev/null
> inside the chroot.
> 
> Using CentOS 5.4, glibc 2.5 so the daemon() function is available.

There was also a problem with the pid file inside the chroot pointing
to an invalid pid.

I've reordered the initialization methods in the below patch which fixes
both daemonization and pid files being broken with chroots.

*** /dev/fd/63	2010-01-28 18:05:31.386566649 -0800
--- src/stunnel.c	2010-01-28 17:43:27.000000000 -0800
***************
*** 88,93 ****
--- 88,94 ----
      ssl_init(); /* initialize SSL library */
      sthreads_init(); /* initialize critical sections & SSL callbacks */
      parse_commandline(arg1, arg2);
+     log_open();
  
  #ifdef USE_FIPS
      if(options.option.fips) {
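
Review bot: the added log_open() after parse_commandline() now runs before daemonize(), change_root() and drop_privileges() (all reordered in the next hunk), so the log destination is opened with the starting privileges and outside the chroot, and it has to remain usable across daemonize(). A short comment here stating that the early call is deliberate would help, and it is worth confirming that the log stays writable once drop_privileges() has run.
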
***************
*** 116,135 ****
      if(!bind_ports())
          die(1);
  
- #ifdef HAVE_CHROOT
-     change_root();
- #endif /* HAVE_CHROOT */
- 
  #if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2)
-     drop_privileges();
      if(service_options.next) { /* there are service sections -> daemon mode */
-         create_pid();
          if(!(global_options.option.foreground))
              daemonize();
      }
  #endif /* standard Unix */
  
-     log_open();
      stunnel_info();
  }
  
--- 117,134 ----
      if(!bind_ports())
          die(1);
  
  #if !defined(USE_WIN32) && !defined(__vms) && !defined(USE_OS2)
      if(service_options.next) { /* there are service sections -> daemon mode */
          if(!(global_options.option.foreground))
              daemonize();
+ #ifdef HAVE_CHROOT
+         change_root();
+ #endif /* HAVE_CHROOT */
+         drop_privileges();
+         create_pid();
      }
  #endif /* standard Unix */
  
      stunnel_info();
  }
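
Review bot: change_root() and drop_privileges() are now inside the if(service_options.next) block, so a run with no service sections skips both the chroot and the privilege drop, whereas the old code called them unconditionally before that test. Moving change_root() inside also puts it under the standard-Unix #if, where it previously depended only on HAVE_CHROOT. I would keep the new order (daemonize(), then change_root(), drop_privileges(), create_pid()) but place change_root() and drop_privileges() after the closing brace of the if, leaving only daemonize() and create_pid() conditional, or split this into two if(service_options.next) blocks. A comment noting that create_pid() now resolves the pid file path inside the chroot would also help anyone updating their configuration.
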
-- 
Eric Wong


