Fossil

Check-in [4c837bc3]

Overview
Comment:Small improvements to the new Fossil Chroot Jail section of www/server.wiki
SHA3-256: 4c837bc3430fcd464023685c75d5941d550251564ec116abc50ae047b0927977
User & Date: wyoung 2019-08-16 11:41:03
Context
2019-08-16
11:42
Markdownism fixes... check-in: 1428f59e user: wyoung tags: server-docs
11:41
Small improvements to the new Fossil Chroot Jail section of www/server.wiki check-in: 4c837bc3 user: wyoung tags: server-docs
11:08
Small clarity tweak to the new "Methods" discussion in www/server.wiki. check-in: fc00b7b2 user: wyoung tags: server-docs
Changes

Changes to www/server.wiki.

<h2 id="chroot">The Fossil Chroot Jail</h2>

<blockquote>
If you run Fossil as root in any mode that serves data on the
network, and you're running it on Unix or a compatible OS, Fossil
will drop itself into a [https://en.wikipedia.org/wiki/Chroot |
chroot jail] shortly after starting up. It will drop its root
privileges once it's done everything that requires root access; most
commonly, you run Fossil as root to allow it to bind to TCP port 80
for HTTP service, since normal users are restricted to ports 1024
and up on OSes where this behavior occurs.

Fossil uses the owner of the Fossil repository file as its new user
ID when dropping root privileges.

................................................................................
When this happens, Fossil needs to have all of its dependencies
inside the chroot jail.  There are several things you typically need
in order to make things work properly:

<ul>
    <li>the repository file(s)

    <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt>
    inside the jail directory


    <li><tt>/dev/urandom</tt> — ditto

    <li>any shared libraries your <tt>fossil</tt> binary is linked
    to, such as <tt>/lib/libssl.so</tt>; consider building Fossil as a
    static binary to avoid this
</ul>
</blockquote>

<blockquote>
Fossil does all of this in order to protect the host OS.  There is
no way to bypass it, on purpose.

</blockquote>


<h2 id="loadmgmt">Managing Server Load</h2>

<blockquote>
A Fossil server is very efficient and normally presents a very light








<h2 id="chroot">The Fossil Chroot Jail</h2>

<blockquote>
If you run Fossil as root in any mode that serves data on the
network, and you're running it on Unix or a compatible OS, Fossil
will drop itself into a [https://en.wikipedia.org/wiki/Chroot |
chroot jail] shortly after starting up, after
it's done everything that requires root access. Most
commonly, you run Fossil as root to allow it to bind to TCP port 80
for HTTP service, since normal users are restricted to ports 1024
and up on OSes where this behavior occurs.

Fossil uses the owner of the Fossil repository file as its new user
ID when dropping root privileges.
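
Review bot: The rewritten first paragraph no longer states that Fossil drops root privileges. The old sentence "It will drop its root privileges once it's done everything that requires root access" has become a trailing clause about when the jail is entered ("shortly after starting up, after it's done everything that requires root access"), yet the next paragraph still starts from "when dropping root privileges", a step that is now never introduced. Suggest keeping the privilege drop explicit, for example "...chroot jail] and give up its root privileges once it's done everything that requires root access", which also removes the doubled "after".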

................................................................................
When this happens, Fossil needs to have all of its dependencies
inside the chroot jail.  There are several things you typically need
in order to make things work properly:

<ul>
    <li>the repository file(s)

    <li><tt>/dev/null</tt> — create it with <tt>mknod(8)</tt> inside the
    jail directory ([https://fossil-scm.org/forum/forumpost/90caff30cb |
    Linux example])

    <li><tt>/dev/urandom</tt> — ditto

    <li>any shared libraries your <tt>fossil</tt> binary is linked to,
    such as <tt>/lib/libssl.so</tt>; consider
    <tt>[https://www.fossil-scm.org/fossil/doc/trunk/www/build.wiki |
    ./configure --static]</tt> to avoid the need for this
</ul> </blockquote>

<blockquote>
Fossil does all of this in order to protect the host OS. You can make it
bypass the jail part of this by passing `--nojail` to `fossil server`,
but you cannot make it skip the dropping of root privileges, on purpose.
</blockquote>


<h2 id="loadmgmt">Managing Server Load</h2>

<blockquote>
A Fossil server is very efficient and normally presents a very light
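
Review bot: The closing blockquote of the chroot section wraps --nojail and fossil server in Markdown backticks, but this is a .wiki file and every other literal in the section uses <tt>, so these two should be <tt>--nojail</tt> and <tt>fossil server</tt> to render as code. In the same sentence the trailing "on purpose" can be read as describing the user's intent rather than Fossil's design; "but it deliberately gives you no way to skip the dropping of root privileges" is unambiguous. Since the paragraph opens with "to protect the host OS", it would also help to say what --nojail gives up: the server then sees the host filesystem with the permissions of the repository file's owner. Minor: "</ul> </blockquote>" are now joined on one line where the old text kept them on separate lines.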