>From: Olivier Sessink
>Subject: Re: [Jailkit-users] chrootlaunch
from inittab
>Date: Fri, 20 Mar 2009 19:51:22
+0100
>User-agent: Thunderbird 2.0.0.19
(X11/20090105)
>
>> I am now suspecting that this is a problem in the perl script,
not
>> jailkit. The
>> script (I am not the author of it) is probably either using
something in
>> root's environment that's not in inittab's or accessing something
that's
>> not copied over into the jail.
>
>but if you run it from the shell (including jk_chrootlaunch) it works?
Found the problem!
For the archives: here's how I found
it.
1) I added an /etc/jk_uchrootsh.ini
which allowed user foo into
the jail /var/foojail
2) I logged in as user foo
3) ran jk_uchroot -j /var/foojail
-x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf
4) This gave me a perl error of "Can't
locate bar.pm in @INC" I checked the
includes directories and found that
the jailed /usr/local/lib/perl5/foo/ directory
containing bar.pm was not world readable.
(The unjailed bar.pm had group
readable permissions - it's an odd install
)
What's not entirely clear to me is why
running the jk_chrootlaunch from the
root command line would cause the chrooted
foo user to have read permission
but not the foo user in the chroot from
/etc/inittab.
(And anyway the whole thing might be
moot for me, since this process
apparently interacts with crond and
thus becomes nearly impossible to jail
multiple instances cleanly.)
Dean Takemori
Systems Support Supervisor
TD Food Group
address@hidden