> Hello list
>
> I'm having a play with the namespaces feature in the uWSGI. I can get
> the simple example working fine
> (http://uwsgi-docs.readthedocs.org/en/latest/Namespaces.html). However
> the more complicated configuration we use in production just doesn't
> work and it's quite difficult to debug what is going on.
>
> The errors are all related to not being able to find files (which are in
> the chroot). Or permission denied trying to open log files. For example:
>
> IOError: [Errno 13] Permission denied:
> '/var/log/www.somesite.com.error.log'
>
> Which makes me think it's trying to open the log files before it has
> been chrooted. Though weirdly if I give the user permission both inside
> and outside of the chroot it still gives that error.
>
> So, if anyone has any ideas I would be much obliged.
>
> Also, which specific namespaces are being created and joined with the
> "namespaces = /path/to/chroot:hostname" in the .ini file? I'm assuming
> PID, and IPC?
>
> Cheers

The --namespace option was written a long time ago and is a very specific usage of this technology, so it may not fit well in your scenario. Recent uWSGI releases (1.9.15 and the upcoming 1.9.16) got low-level support for unshare() and friends (in addition to tons of hooks), so you may find it more versatile.

By the way, logs are opened at the very beginning; you can postpone it with --logto2 (that happens later).

--namespace enables mountpoint, ipc, uts and pid namespaces. The net namespace is only enabled with --namespace-net.

Do not forget the new Emperor "clone" feature:

http://uwsgi-docs.readthedocs.org/en/latest/Changelog-1.9.15.html#emperor-and-linux-namespaces-improvements

Basically you will spawn your vassals automatically in a new namespace in which you can simply call "chroot" without bothering with additional steps or the mountpoints dance.

--
Roberto De Ioris
http://unbit.it
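
Added example, not part of the original thread and not uWSGI's own code: one way to confirm which namespaces a worker actually ended up in, by comparing its /proc/<pid>/ns links with the host's. The function names and the sample link values are constructed for illustration; the expected set (mount, ipc, uts, pid, with net only under --namespace-net) comes from the reply above.

```python
import os
import re

# Per the reply: --namespace unshares these; net additionally needs --namespace-net.
EXPECTED = {"mnt", "ipc", "uts", "pid"}
_LINK = re.compile(r"^\w+:\[(\d+)\]$")  # readlink output, e.g. 'mnt:[4026531840]'


def parse_ns_links(links):
    """Map namespace name -> inode number; reject anything that is not a ns link."""
    out = {}
    for name, target in links.items():
        m = _LINK.match(target)
        if not m:
            raise ValueError(f"unexpected namespace link {name!r} -> {target!r}")
        out[name] = int(m.group(1))
    return out


def read_ns_links(pid):
    """Read /proc/<pid>/ns on a live Linux host (root is needed for other users' PIDs)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n))
            for n in os.listdir(base) if not n.endswith("_for_children")}


def audit(host_links, worker_links, expect_net=False):
    """Return (unshared, problems) for a worker compared with a host process (PID 1)."""
    host, worker = parse_ns_links(host_links), parse_ns_links(worker_links)
    unshared = {n for n in worker if n in host and worker[n] != host[n]}
    expected = EXPECTED | ({"net"} if expect_net else set())
    problems = [f"{n}: not isolated from host" for n in sorted(expected - unshared)]
    if not expect_net and "net" in unshared:
        problems.append("net: isolated although --namespace-net was not expected")
    return unshared, problems


# Constructed sample data (inode numbers are made up), shaped like readlink output.
HOST = {"mnt": "mnt:[4026531840]", "ipc": "ipc:[4026531839]",
        "uts": "uts:[4026531838]", "pid": "pid:[4026531836]",
        "net": "net:[4026531956]"}
WORKER = {"mnt": "mnt:[4026532201]", "ipc": "ipc:[4026532203]",
          "uts": "uts:[4026532202]", "pid": "pid:[4026532204]",
          "net": "net:[4026531956]"}

if __name__ == "__main__":
    unshared, problems = audit(HOST, WORKER)
    print("unshared:", sorted(unshared))
    print("problems:", problems or "none")
```

On a live host, pass `read_ns_links(1)` and `read_ns_links(<worker pid>)` to `audit()` instead of the constructed dictionaries.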
