data segment limited in chroot?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I'm trying to run the boinc client (seti@home etc.) as an unprivileged
account in a chroot jail.  Doing so appears to give the boinc client
in the jail too little memory.

I realise that the best idea is to patch boinc to work like bind, i.e.
to do the requisite chroot(2) and setuid(2) calls itself after it
has started. I'd prefer, however, (at least in the interim) to
distribute a
shellscript to do an equivalent job: so I was hoping to achieve an
outcome using standard, shellscript-accessible tools.

The problem I'm experiencing is that the jailed process seems to have
too low a limit set for its max data segment size.  When chrooted,
complains that it only has 64000000 of "memory" (which I take to be
data segment size - I guess it tried to malloc more and failed).  I
confess I don't know anything about manipulating the limits on a
process' memory (bar bash's ulimit -v, and I _really_ don't want bash
in the jail).

I experience the same problem when using the standard chroot(8) and
Wietse Venema's chrootuid.

Techie details:
- the jail is pretty minimalist - just copies of exactly the libraries
  boinc needs in /lib, and /etc only has resolv.conf and hosts. There's
  an empty /tmp directory, and the boinc binary and its datafiles.
- I'm running an up-to-date Ubuntu Hoary (kernel 2.6.10-5)

I'd appreciate any advice, or any necessary tellings-off for not
having read some important manpage.


Site Timeline