[Jailkit-users] chrootlaunch from inittab - followup
From: DTakemori
Subject: [Jailkit-users] chrootlaunch from inittab - followup
Date: Sun, 29 Mar 2009 10:54:11 -1000
I've had time to follow up with this and do some experiments. (This is on CentOS 5.2 w/jailkit 2.5)
The difference between the two situations (running a jk_chrootlaunch daemon from a command line vs from inittab) comes from jk_chrootlaunch passing its environment on to the daemon.
I wrote a tiny little perl "daemon" to write out its environment and ran it from jk_chrootlaunch both ways.
From inittab:
CONSOLE : /dev/console
HOME : /
INIT_VERSION : sysvinit-2.86
PATH : /bin:/usr/bin:/sbin:/usr/sbin
PREVLEVEL : N
RUNLEVEL : 3
SELINUX_INIT : YES
TERM : linux
So apparently, something not defined in inittab's environment (just a guess: USER) can cause permissions problems for perl (and possibly anything else).
Should jk_chrootlaunch be updated to be more like jk_chrootsh and only pass environment variables defined in an .ini file? Doubtless it would cause breakage for some chrootkit users.
Dean Takemori
Systems Support Supervisor
TD Food Group
address@hidden
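
The allow-list idea raised in the message, as an added example that is not jailkit's code and not part of the original post: a launcher builds the child's environment from an explicit list of names instead of passing its own environment through. The function names, the allow list, and the two extra variables (`PATH_EXTRA`, `PERL5LIB`) are assumptions constructed for illustration; the other sample values are the inittab environment listed above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if entry ("NAME=value") has exactly the name `name`.
 * Checking for '=' stops "PATH" from also matching "PATH_EXTRA=...". */
static int env_name_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Build a NULL-terminated environment holding only the variables named
 * in `allow`. The array is new (caller frees it); the strings still
 * point into `envp`. Returns NULL if allocation fails. */
char **filter_env(char *const envp[], const char *const allow[])
{
    size_t count = 0, kept = 0;
    while (envp[count]) count++;
    char **out = calloc(count + 1, sizeof *out);  /* zeroed => terminated */
    if (!out) return NULL;
    for (size_t i = 0; i < count; i++)
        for (size_t j = 0; allow[j]; j++)
            if (env_name_is(envp[i], allow[j])) { out[kept++] = envp[i]; break; }
    return out;
}

/* Look up a variable in an envp-style array; NULL if it is absent. */
const char *env_get(char *const envp[], const char *name)
{
    for (size_t i = 0; envp[i]; i++)
        if (env_name_is(envp[i], name)) return envp[i] + strlen(name) + 1;
    return NULL;
}

/* Constructed sample: inittab environment plus two constructed extras. */
static char *sample_env[] = {
    "CONSOLE=/dev/console", "HOME=/", "INIT_VERSION=sysvinit-2.86",
    "PATH=/bin:/usr/bin:/sbin:/usr/sbin", "PREVLEVEL=N", "RUNLEVEL=3",
    "SELINUX_INIT=YES", "TERM=linux",
    "PATH_EXTRA=/constructed/bin", "PERL5LIB=/constructed/lib", NULL
};
static const char *const sample_allow[] = { "PATH", "HOME", "TERM", NULL };

int main(void)
{
    char **env = filter_env(sample_env, sample_allow);
    if (!env) return 1;
    for (size_t i = 0; env[i]; i++) puts(env[i]);
    free(env);  /* a launcher would instead pass env to execve() */
    return 0;
}
```

With this approach the daemon sees the same variables whether it is started from a shell or from inittab, so anything it needs that is not on the list has to be set explicitly.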