[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] How to Jail Python Interpreter

From: Gregory Piñero
Subject: Re: [Jailkit-users] How to Jail Python Interpreter
Date: Tue, 18 Sep 2007 20:39:33 -0400

On 9/18/07, Olivier Sessink <address@hidden> wrote:
> Gregory Piñero wrote:
> > On 9/17/07, Gregory Piñero <address@hidden> wrote:
> >> On 9/17/07, Olivier Sessink <address@hidden> wrote:
> >>> you probably need a lot of extra python files as well. My systems has
> >>> lots of files in /usr/lib/python2.4/ that are part of the python global
> >>> libraries.
> >> Yeah, I ended up copying /usr/lib/python2.4 into the jail too.  Is
> >> copying manually the best way, or is there a jailkit tool for this?
> >>
> >>> use jk_chrootlaunch to start a process inside the jail. You can use any
> >>> unprivileged user, so generally it's good to create an account (but it
> >>> doesn't need a shell or a home directory)
> >
> > I tried running my python script like this:
> > $ sudo jk_chrootlaunch -u jailtest -g jailtest -j
> > /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4
> > exec_worker.py
> >
> > and got this error:
> > usr/bin/python2.4: can't open file 'exec_worker.py': [Errno 13]
> > Permission denied
> >
> > exec_worker.py is owner by root and the group is root.  Which I
> > figured is what I want since it resides inside the jail?
> but what are the permissions? is user jailtest allowed to read and
> execute it?
> > I also tried providing the full path to the python script like this:
> > $ sudo jk_chrootlaunch -u jailtest -g jailtest -j
> > /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4
> > /srv/jail_for_python/exec_worker.py
> remember the process is running inside a jail! So the process doesn't
> know about /srv/jail_for_python. The full path *inside* the jail is
> /exec_worker.py
> you could also add '#!/usr/bin/python2.4' as first line of that file,
> and make it executable, and start
> `sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/
> -x /srv/jail_for_python/exec_worker.py`

Ok, that's worked out.  Thanks.  Now my next question.  I'm ultimately
trying to make a simple server/daemon to run code the clients send it
(safely) and return a string of the result.

So I want to bind to a socket (correct terminology?)  But I seem to be
getting denied.  Is there a permission or setting change I can make to
give this script access to a few ports?

Thanks again,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]