
DNS resolution error under php-fpm chroot

After days of intensive search to solve my problem, I couldn't get anything that worked, so here it is.
I'm running a chrooted PHP with FastCGI and php-fpm (under Ubuntu 16.04 with php7), which works well; however, I get the expected DNS resolution problem, for example when trying to file_get_contents: file_get_contents(): php_network_getaddresses: getaddrinfo failed.

I looked online quite a bit and here's what I've already tried (without success):

  • I used the methods described here, and also tried to adapt this tutorial in order to copy all the libraries used by php, and of course copied the hosts and resolv files
  • I also tried to use nscd to link the hosts file inside and outside the chroot by mounting it inside the chroot at /var/run/nscd
  • I also got some SSL issues, so I downloaded this certificate and put it where the default php-curl certificate was probably missing (found after openssl_get_cert_locations(): ["default_cert_file"]=> string(21) "/usr/lib/ssl/cert.pem")
    edit: This doesn't seem to do much as phpinfo() returns no value for the certs files (see), so maybe I should tweak the openssl config file a bit, but I really don't know what to look for.

Using debootstrap (or other programs like this) is not an option for me, because it creates too large a chroot, and I'm willing to keep it lightweight and fast to create as I could have many chroots running on one machine.

Plus, here are my config files, however I doubt the problem to be here because most php functions work well under chroot:

Default php-fpm pool:

[${username}]
user = ${username}
group = www-data
listen = /run/php/php7.0-fpm.${username}.sock
listen.owner = ${username}
listen.group = www-data
pm = ondemand
pm.max_children = 20
pm.process_idle_timeout = 10s
pm.max_requests = 250
chroot = /var/www/${username}
chdir = /

Default apache virtualhost file :

<VirtualHost *:80>
  ServerName www.${domain}
  ServerAlias ${domain}
  ServerAdmin webmaster@${domain}
  DocumentRoot /var/www/${username}/var/www/${username}
  <IfModule mod_fastcgi.c>
    AddHandler php7-fcgi-${username} .php
    Action php7-fcgi-${username} /php7-fcgi-${username} virtual
    Alias /php7-fcgi-${username} /usr/lib/cgi-bin/php7-fcgi-${username}
    FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-${username} -socket /var/run/php/php7.0-fpm.${username}.sock -pass-header Authorization
    <Directory /usr/lib/cgi-bin>
      Require all granted
    </Directory>
  </IfModule>
</VirtualHost>

Thanks !

Under Ubuntu 16.04, you need at least these files in your chroot:

etc/resolv.conf
lib/libnss_dns.so.2

You can hardlink to prevent using extra disk space (only works when the chroot is on the same partition as /lib):

ln --logical /lib/x86_64-linux-gnu/libnss_dns.so.2 /chroot/lib

If it still fails (future Ubuntu?) you can debug the issue by running strace -e file -fp $(pgrep fpm)
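
An added example (not part of the original answer): a provisioning helper that places the two files listed above into a chroot and later reports when they are missing or no longer match the host. A hardlinked or copied library keeps its old contents after a host package upgrade replaces the file, so the check flags it as stale. The function names and the HOST_LIB_DIR / HOST_ETC_DIR variables are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.
# Host-side source directories (defaults match the paths in the answer).
HOST_LIB_DIR="${HOST_LIB_DIR:-/lib/x86_64-linux-gnu}"
HOST_ETC_DIR="${HOST_ETC_DIR:-/etc}"

# install_one SRC DST: hardlink when SRC and DST share a partition,
# otherwise fall back to a copy that dereferences symlinks.
install_one() {
    mkdir -p "$(dirname "$2")" || return 1
    rm -f "$2"
    ln -L "$1" "$2" 2>/dev/null || cp -L -p "$1" "$2"
}

# populate_chroot_dns CHROOT: install etc/resolv.conf and lib/libnss_dns.so.2.
populate_chroot_dns() {
    mkdir -p "$1/etc" || return 1
    # resolv.conf is often a symlink into /run, so copy the resolved file.
    cp -L "$HOST_ETC_DIR/resolv.conf" "$1/etc/resolv.conf" || return 1
    install_one "$HOST_LIB_DIR/libnss_dns.so.2" "$1/lib/libnss_dns.so.2"
}

# check_chroot_dns CHROOT: print "ok|missing|stale <file>" per required file.
# Returns 0 only when every file exists and is byte-identical to the host's.
check_chroot_dns() {
    rc=0
    for rel in etc/resolv.conf lib/libnss_dns.so.2; do
        case $rel in
            etc/*) src="$HOST_ETC_DIR/${rel#etc/}" ;;
            lib/*) src="$HOST_LIB_DIR/${rel#lib/}" ;;
        esac
        if [ ! -e "$1/$rel" ]; then
            echo "missing $rel"; rc=1
        elif ! cmp -s "$src" "$1/$rel"; then
            echo "stale $rel"; rc=1
        else
            echo "ok $rel"
        fi
    done
    return $rc
}
```

Run populate_chroot_dns once per pool chroot (the directory given as chroot = in the pool file), and run check_chroot_dns from a cron job or after package upgrades to catch chroots still carrying an old resolver library.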
