Re: [squid-users] chrooting squid - Howto?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 19 Jan 2002 12:00:06 +0100

If you are using 2.4.STABLE3 with no external helpers

  - 2.4.STABLE3
  - using the internal DNS resolver (default)
  - using the "aufs" store type (not default, only recommended on Linux
    and Solaris)
  - have disabled unlinkd (not used by aufs)
  - are not using any redirector
  - are not using any proxy_auth helper

then chrooting is mostly a matter of copying mime.conf into the chroot
directory where Squid expects to find it, and then configuring Squid using
the chroot directive. You may also need to copy your resolv.conf file,
or configure the name servers manually in squid.conf. Depending on your
OS and if you start Squid without the -N option some extra files may be
needed such as /dev/null, /dev/zero and some libraries. strace/truss is
your friend in finding any missing pieces (strace -f squid -DNCd1 2>&1 |
tee squid.trace)

If you have a setup where external helpers are used (dnsserver, unlinkd,
diskd, proxy_auth helper, redirector, ...), then you must build a mostly
complete chroot directory with all libraries, devices etc used by these
helpers. See any of the existing howtos on how to create a generic
chroot directory for your platform.

Regards
Henrik Nordström
Squid Developer, author of the squid.conf chroot directive

> I'm all googled-out on this one, and all I found in the mailing
> list archives was someone flaming someone else for posting his
> entire squid.conf while attempting to ask how to chroot squid,
> and the question remained unanswered. So I'll re-ask the question
> (yay!) and NOT include an entire file.
>
> I'm using Squid 2.4.STABLE3
Received on Sat Jan 19 2002 - 04:03:33 MST
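
The strace step in the reply above, worked through as an added example (not part of the original post): once Squid's chroot() call succeeds, every path in the trace is resolved inside the jail, so only ENOENT failures after that point name files that still have to be copied in. The jail path /var/squid-jail, the file locations and the sample trace are constructed assumptions.

```shell
#!/bin/sh
# Added example. Reads a trace captured with
#   strace -f squid -DNCd1 2>&1 | tee squid.trace
# on stdin and lists the files that were not found inside the chroot.

missing_in_chroot() {   # usage: missing_in_chroot < squid.trace
    awk '
        # Remember the jail directory once chroot() succeeds.
        match($0, /chroot\("[^"]+"\) += 0/) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^chroot\("/, "", s); sub(/"\).*/, "", s)
            jail = s; next
        }
        # Failures before chroot() refer to the real root; skip them.
        jail == "" { next }
        # A file lookup that failed with ENOENT after the chroot.
        /= -1 ENOENT/ && match($0, /(open|openat|l?stat(64)?|access|execve)\([^"]*"[^"]+"/) {
            p = substr($0, RSTART, RLENGTH)
            sub(/^[^"]*"/, "", p); sub(/"$/, "", p)
            # Absolute paths map directly onto the jail directory.
            if (p ~ /^\//) print jail p
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample trace (hypothetical paths, not output from a real run).
sample_trace() {
    cat <<'EOF'
open("/etc/squid/squid.conf", O_RDONLY) = 3
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
chroot("/var/squid-jail")               = 0
open("/etc/squid/mime.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/resolv.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4242] open("/dev/null", O_RDWR)   = -1 ENOENT (No such file or directory)
open("/etc/resolv.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/cache", {st_mode=S_IFDIR|0750, ...}) = 0
EOF
}

# Print the paths to create under the jail for the sample trace.
sample_trace | missing_in_chroot
```

Each printed path is where the file has to exist on the host; the failed lookup before chroot() is left out because it was resolved against the real root.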
