Hi all,

I have php-fpm running chrooted for a vhost of nginx. Everything works fine, except for the following:-

If I do

print_r(dns_get_record('www.av.com'));

I get the expected dns resolving no problem. But if I do any other operation that rquires a dns lookup, I get this error

Failed to connect socket: php_network_getaddresses: getaddrinfo failed: Name or service not known (code: -1, response: )

When I substitute the IP address instead, the php process just times out. Any ideas would be gratefully received. I have searched pretty much every google page but with no joy.

I will add that to test everything without the chroot, I set up another php-fpm handler with the same nginx server, but no chroot declaration. Everything worked as expected.

This tells me it's something to do with the chroot, but i'm at a loss as to what it could be.

You will need basic filesystem layout in chroot:

in /etc
group host.conf hosts localtime networks nsswitch.conf passwd protocols resolv.conf services

notably for resolving: nsswitch.conf resolv.conf


and appropriate libraries in lib
notably : libnss_dns and libnss_files

just to save you time, i'll list what i have in chroot, ssmtp or msmtp set up as mailer for php
you can use SMTP settings for php mail() as alternative, or mini_sendmail from ACME Software

File list:

./etc/nsswitch.conf
./etc/group
./etc/ssmtp.log
./etc/passwd
./etc/services
./etc/protocols
./etc/resolv.conf
./etc/localtime
./etc/host.conf
./etc/hosts
./etc/networks
./usr/bin/msmtp
./usr/bin/curl
./usr/bin/sendmail
./usr/bin/ssmtp
./usr/bin/gm
./usr/bin/sh
./usr/bin/false
./usr/bin/jpegtran
./usr/lib/gconv/*
./usr/lib/locale/locale-archive
./dev/urandom
./dev/null
./dev/zero
./tmp
./var/log
./lib/libresolv-2.11.2.so
./lib/libnss_compat.so.2
./lib/libc-2.11.2.so
./lib/libnsl.so.1
./lib/libnss_files-2.11.2.so
./lib/libz.so.1
./lib/libdl.so.2
./lib/libcidn.so.1
./lib/libcidn-2.11.2.so
./lib/ld-linux.so.2
./lib/libcrypt.so.1
./lib/libdl-2.11.2.so
./lib/libnss_files.so.2
./lib/libcrypto.so.1.0.0
./lib/libnss_nis-2.11.2.so
./lib/libnsl-2.11.2.so
./lib/ld-2.11.2.so
./lib/libc.so.6
./lib/libresolv.so.2
./lib/libnss_nis.so.2
./lib/libnss_compat-2.11.2.so
./lib/libz.so.1.2.5
./lib/libnss_dns.so.2
./lib/libnss_dns-2.11.2.so
./lib/libssl.so.1.0.0
./lib/libcrypt-2.11.2.so


make sure you'll have /bin/sh , otherwise php wont be able to run external programs ( sendmail, imagemagick, ... )

Hi,

Thanks for the pointers. The minimum files that I found I needed to solve my above problems were as follows :-

In the chroot, create

/dev/urandom
/etc/resolv.conf
/lib64/libnss_dns_2.5.so

Thanks Sylvia for the pointers !

Kind Regards,
--blackmogu