|| at Sep 12, 2012 at 7:02 pm
Thanks for the suggestion Ben.
Jailtool does install from a repo, though it doesn't do automatic
dependency resolution. You have to specify them yourself which is a pain
and pretty error prone. I think the issue was that while I'd specified all
the nodejs deb package dependencies I'd forgotten the
python-software-properties one which includes a lot of crypto libs.
In the end I solved it late yesterday using debootstrap and schroot<https://help.ubuntu.com/community/DebootstrapChroot
>which gave me access to the package manager. From there I simply installed
node as per the Ubuntu instructions on the node JS wiki<https://github.com/joyent/node/wiki/Installing-Node.js-via-package-manager
It's not quite as minimal an environment as I'd originally hoped, but it's
easier to maintain and still reasonably secure.
Along the way I also created a small program to help with the actual
jailing of processes. We're using this in conjunction with
child_process.spawn to safely execute untrusted code from our parent node
HTTP server. I've open sourced it here: https://github.com/Hubify/jailor.
On Tuesday, September 11, 2012 5:34:34 PM UTC-7, Ben Noordhuis wrote:
I'm getting the following error when calling https.request in my node
nodejs: ../src/node_crypto.cc:752: void
`handle_->Get(String::New("error"))->BooleanValue() == false' failed.
The node process is running inside a chroot on Ubuntu. I built the chroot
using jailtool and as far as I can tell node should have all the necessary
dependencies available to it. The way I checked was to run apt-rdepends
nodejs and made sure that all the libs were inside the jail. The jail also
has access to /dev/null and /dev/random.
Besides https everything else seems to be running fine. I can make http
calls no problem and the rest of my code runs without error.
Running the same script outside the jail works.
What am I missing?
Is your node binary installed from a repo? What happens if you compile
from (upstream) source?
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to email@example.com
To unsubscribe from this group, send email to
For more options, visit this group athttp://groups.google.com/group/nodejs?hl=en?hl=en