chroot problems with Red Hat Advanced server

["Chapman, Justin T" <JtChapma () bhi-erc com>]

Hi all,

I'm having some problems getting snort 2.0 to chroot when running on Red Hat
AS.  Here's the rundown of my setup:

- snort-2.0.0 compiled from source with the --with-mysql switch
- Linux kernel 2.4.9-e.16
- snort command line: /home/snort/bin/snort -debo -c etc/snort.conf -u snort
-g snort -t /home/snort -l log
- /home/snort has the following subdirs: bin, etc, log, tmp, scripts

When I try to start snort with the above command, I get the following error:
        ERROR: log directory 'log' does not exist
        Fatal Error, Quitting..

If I exclude the "-l log" switch, the error turns to:
        Running in IDS mode
        Log directory = /var/log/snort
        ERROR:
        [!] ERROR: Can not get write access to logging directory
"/var/log/snort".
        (directory doesn't exist or permissions are set incorrectly
        or it is not a directory at all)

        Fatal Error, Quitting..

I ran the snort command line with strace (file attached) and it didn't show
any calls to chroot(), so it doesn't even look like snort is *trying* to
chroot itself...  :(

I've run this setup successfully on a RH 7.3 box with the same command line
and that worked fine.

Any ideas?

Thanks!

--justin
"Every cloud has a silver lining (except for the mushroom shaped ones, which
have a lining of Iridium & Strontium 90)"

Attachment: strace.txt
Description: