Posted to dev@tomcat.apache.org by Markus Schönhaber <ma...@schoenhaber.de> on 2005/10/22 14:01:53 UTC

Re: Tomcat 5.5.10: APR-SSL doesn't work in chrooted UML

On Tuesday, 9 August 2005 14:37, Markus Schönhaber wrote:
> Hello!
>
> I'm trying to run Tomcat 5.5.10 [1] on user mode linux which is started in
> a chrooted environment but Tomcat hangs when initializing the SSL-Connector
> - i.e. the message
> org.apache.coyote.http11.Http11AprProtocol init
> never shows up in the log. When I try to connect to the SSL-port the
> TCP handshake is made but no data at all is transmitted.
>
> Everything runs fine if:
> - The UML-kernel is *not* started in a chroot environment. (!)
> - APR is used but SSL is turned off (e.g. the Connector has the
> "SSLEngine" config attribute set to "off").
> - APR isn't used at all.
>
> I don't have the slightest idea why it should matter whether UML is started
> in a chroot environment or not. To tell the truth, I don't have the
> slightest idea whether it's a bug in Tomcat, APR, Tomcat's native binding
> to APR, openssl, UML or if it's myself overlooking something absolutely
> obvious.

Since there was such a tremendous number of reactions to this topic, I can't
help but share my findings here ;-)

OK, jokes aside. Just for the record and in case someone else stumbles over
this issue, here's what I came up with:
The source of the problem is /dev/random. Processes running in a chroot'ed UML
that try to read from /dev/random will get some bytes and then /dev/random
will stall. The APR tries to read from /dev/random (to get some entropy for
the SSL connector, I think) and this process doesn't finish - at least not in
a reasonable time.
What helped me was to bind-mount /dev/random into the chroot environment
the user mode linux guest kernel is running in.

Regards
  mks

PS: It is only my machine where I experienced this problem and where the 
solution mentioned above helped to resolve it. So, YMMV.
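
One way to check for the stall described in the message above, as an added example that is not part of the original post or of Tomcat/APR: it reads a fixed number of bytes from an entropy source under a deadline and reports whether the read stalled. The function names, the byte count and the timeout are assumptions chosen for illustration.

```python
import os
import select
import time


def probe_fd(fd, want=32, timeout=2.0):
    """Read up to `want` bytes from fd before `timeout` seconds elapse.

    Returns (bytes_read, stalled). stalled is True when the source stopped
    delivering data before `want` bytes arrived.
    """
    os.set_blocking(fd, False)          # never hang inside read()
    deadline = time.monotonic() + timeout
    got = 0
    while got < want:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return got, True
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:                   # deadline passed with nothing readable
            return got, True
        try:
            chunk = os.read(fd, want - got)
        except BlockingIOError:         # readiness was spurious, wait again
            continue
        if not chunk:                   # end of file: no more data will come
            return got, True
        got += len(chunk)
    return got, False


def probe_device(path="/dev/random", want=32, timeout=2.0):
    """Open `path` non-blocking and probe it; raises OSError if it is missing."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        return probe_fd(fd, want, timeout)
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Run inside the environment under suspicion, e.g. the UML guest.
    for dev in ("/dev/random", "/dev/urandom"):
        try:
            n, stalled = probe_device(dev)
            print(f"{dev}: read {n} bytes, {'STALLED' if stalled else 'ok'}")
        except OSError as exc:
            print(f"{dev}: cannot open ({exc})")
```

A result with fewer bytes than requested and the stalled flag set matches the symptom reported here: some bytes arrive, then the device stops.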
