Solved Escaping from "La Bastille 2"... Issues with binding folders...

Hi folks, especially SirDice, here is the thing: I have a service listening on a SRV record. I think it is listening properly; what is not working is the access to the files.

The service is a Gemini server which should provide text files (gmi) and media (jpg, png, etc.); it is closer to Gopher than to HTTP. The pages are saved on the host and are bound to the (Bastille) jail by editing this file: /usr/local/bastille/jails/gmid/fstab:
Code:
/var/www/    /usr/local/bastille/jails/gmid/root/var/www/ nullfs rw 0 0

What happens when I try to reach: gemini://warp.geminispace.net from any Gemini client?

Apparently the handshake goes fine but the resources are missing:
Code:
[2022-06-05 05:33:49] 73.245.31.117:33521 handshake: SNI: "warp.geminispace.net"; decoded: "warp.geminispace.net"; matched: "warp.geminispace.net"
[2022-06-05 05:33:49] 73.245.31.117:33521 check_path: strip=0 path=. original=
73.245.31.117:33521 GET gemini://warp.geminispace.net/ 51 not found

Server replies with error 51, which means the page requested (index.gmi) is not available; from the documentation:

51 NOT FOUND

The requested resource could not be found but may be available in the future. (cf HTTP 404) (struggling to remember this important status code? Easy: you can't find things hidden at Area 51!)

What happens if I'd like to "LS" the folder that should contain the documents?

Within the jail

Code:
ls -l /var/www/geminispace.net/
total 12
drw-r--r--  2 1001  1001   512 Jun  2 18:59 @freezr
drw-rw-r--  2 1001  1001   512 Jun  2 19:27 freezr
-rw-r--r--  1 root  wheel   74 Jun  3 22:33 index.gmi

Files are there!

From the host
Code:
ls -l /var/www/geminispace.net/
ls: @freezr: Permission denied
ls: freezr: Permission denied
ls: index.gmi: Permission denied
total 0

Access to the folders where the capsule is supposed to be accessible is denied unless I use "root pawa":
Code:
doas ls -l /var/www/geminispace.net/
Password:
total 24
drw-r--r--  2 burnr  burnr  512 Jun  2 18:59 @freezr
drw-rw-r--  2 burnr  burnr  512 Jun  2 19:27 freezr
-rw-r--r--  1 root   wheel   74 Jun  3 22:33 index.gmi

I am not sure why I can't access these folders with the normal user, but, since the error I got is lack of content and those folders are denied, the scenario looks compatible with error 51, unless the access is denied because Bastille is holding those files and folders.

I think the two things are related (denied folders and missing content online) ...?

The capsule is online although it is empty...

gemini://warp.geminispace.net

For the curious, the Amfora TUI client is available as a package.

Where do I think was the issue?

I put inside the capsule's root a folder starting with "@"; this is probably a reserved/forbidden character that prevented the root from being read or provided by the server.

What continues to be unexpected?

I created a folder inside the jail /var/www/test/ with an index.gmi and it was served fine by the service inside the jail; then I created in the host a couple of folders (root and a subfolder) /var/www/gemininspace.net/freezr with two index.gmi files for folder; after that I edited the jail fstab file pointing to the host folder and the jail merged the two /var/www folders together. Why?

Important to mention

To fully unbind host and jail I had to restart the host.

Speaking with the GMID developer, it turned out that GMID has a bug in the IRI parser that considers "@" a reserved character, which might be the main cause of locking down the folder...
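
The listings above show `drw-r--r--` directories, which have no search (x) bit, and a directory without that bit cannot be traversed by a non-root process. The following check is an added example, not part of the original post: it walks from a file up to a chosen top directory and prints every directory missing the search bit for the owner, group or other class. The function name `dirs_without_search` and its arguments are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post).
# dirs_without_search PATH [CLASS] [TOP]
#   PATH   file or directory to start from, e.g. the capsule's index.gmi
#   CLASS  u, g or o: whose search (x) bit to test (default: o)
#   TOP    absolute directory at which the upward walk stops (default: /)
# Prints each directory between PATH and TOP that lacks the bit.
dirs_without_search() {
    target=$1
    class=${2:-o}
    top=${3:-/}
    case $class in
        u) col=4 ;;
        g) col=7 ;;
        o) col=10 ;;
        *) echo "CLASS must be u, g or o" >&2; return 2 ;;
    esac
    # Start at PATH itself if it is a directory, otherwise at its parent.
    if [ -d "$target" ]; then dir=$target; else dir=$(dirname "$target"); fi
    while :; do
        # Column 1 of `ls -l` is the file type, columns 2-10 the mode bits.
        mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
        if [ -z "$mode" ]; then
            echo "cannot stat $dir" >&2
        else
            bit=$(printf '%s' "$mode" | cut -c"$col")
            case $bit in
                x|s|t) ;;                    # search permitted
                *) printf '%s\n' "$dir" ;;   # -, S or T: no search bit
            esac
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}

# Usage with the paths from the post (run on the host and inside the jail):
#   dirs_without_search /var/www/geminispace.net/index.gmi o /var/www
```

Run it once with each class that could apply to the account the server runs as; any directory it prints needs `chmod` to add the x bit for that class before files below it can be opened.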