Re: [Jailkit-users] I can't jail mldonkey
From: Michal Soltys
Subject: Re: [Jailkit-users] I can't jail mldonkey
Date: Tue, 04 Nov 2008 10:48:56 +0100
User-agent: Thunderbird 2.0.0.17 (Windows/20080914)
some one wrote:
> I've been trying the jailkit method of jailing mlnet and I follow the
> instructions as best I can (http://mldonkey.sourceforge.net/Chroot#JailKit) and
> when I try to do:
> su mldonkey
Mld is pretty tricky to start chrooted. First - don't rely on any of its
internal settings (in case you do - mldonkey will create / adjust part
of its files with 0:0 access rights, and then happily fail after
privilege separation, as it will have no access to them).
What I use currently (note this is a small overkill and could be trimmed
down further):
[commons]
comment = Common files
regularfiles = /etc/nsswitch.conf,/etc/hosts,/etc/localtime,/etc/resolv.conf,/etc/services,/etc/protocols,/etc/host.conf,/etc/ld.so.conf
users = root
groups = root
devices = /dev/null,/dev/urandom,/dev/zero,/dev/random
libraries = /lib/libnss*.so.2,/lib/libnsl.so.1,/usr/lib/locale*,/usr/lib/libncurses*.so.?.?
executables = /bin/false,/bin/true
emptydirs = /tmp,/var/tmp,/var/run

[p2p]
comment = typical p2p prerequisites
libraries = /usr/lib/libGeoIP*.so.?.?.?
directories = /usr/share/GeoIP,/etc/geoip,/usr/share/misc/file,/etc/fonts

[mld]
comment = mldonkey
users = ed2k
groups = ed2k
includesections = commons, p2p
executables = /bin/mlnet
And then it's started with:
HOME=/data chrootuid /ed2k ed2k /bin/mlnet -pid /var/run -log_to_syslog true &>/dev/null &
Section named [p2p] is also used by chrooted amuled.
/data is under chrooted directory, where ed2k:ed2k has write access.
That HOME is pretty important - as mld will (as it should) try to write
all its settings under $HOME, which will likely be /root or in case of
sudo [-s] - your regular-admin user's home (assuming typical sudo settings).
Good luck :)
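
A pre-flight check for the failure the message describes: files under the jail's HOME left owned by 0:0, so the daemon cannot write them after it drops privileges. This is an added example, not part of the original post or of Jailkit; the function name `jail_home_check` and its argument order are assumptions, and the paths in the usage comment are the ones from the message.

```shell
#!/bin/sh
# jail_home_check JAIL HOME_IN_JAIL RUNAS_UID   (hypothetical helper)
#   JAIL          chroot root on the host (the message uses /ed2k)
#   HOME_IN_JAIL  HOME as seen from inside the jail (the message uses /data)
#   RUNAS_UID     numeric uid the daemon runs as after the privilege drop
# Prints one line per problem; returns 0 when clean, 1 otherwise.
# Example: jail_home_check /ed2k /data "$(id -u ed2k)"
jail_home_check() {
    jail=$1 home=$2 uid=$3
    dir="${jail%/}/${home#/}"      # host-side path of the jailed HOME
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi

    # Files not owned by the run-as uid: typically created as root before
    # the privilege drop, unwritable by the daemon afterwards.
    bad=$(find "$dir" ! -user "$uid" -print)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/OWNER    /'
        rc=1
    fi

    # Right owner, but the owner write bit is cleared.
    ro=$(find "$dir" -user "$uid" ! -perm -200 -print)
    if [ -n "$ro" ]; then
        echo "$ro" | sed 's/^/READONLY /'
        rc=1
    fi

    return $rc
}

# Run directly: sh check.sh JAIL HOME_IN_JAIL RUNAS_UID
if [ "$#" -eq 3 ]; then
    jail_home_check "$@"
fi
```

Run it on the host before starting the daemon; any `OWNER` line is fixed with a `chown` to the jail user on the reported path.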