Re: [Jailkit-users] chrootlaunch from inittab

From: DTakemori
Subject: Re: [Jailkit-users] chrootlaunch from inittab
Date: Fri, 20 Mar 2009 12:38:52 -1000

>From: Olivier Sessink
>Subject: Re: [Jailkit-users] chrootlaunch from inittab
>Date: Fri, 20 Mar 2009 19:51:22 +0100
>> I am now suspecting that this is a problem in the Perl script, not
>> jailkit.  The script (I am not the author of it) is probably either
>> using something in root's environment that's not in inittab's or
>> accessing something that's not copied over into the jail.
>but if you run it from the shell (including jk_chrootlaunch) it works?

Found the problem!

For the archives: here's how I found it.

1) I added an /etc/jk_uchrootsh.ini which allowed user foo into
the jail /var/foojail

2) I logged in as user foo

3) ran jk_uchroot -j /var/foojail -x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf

4) This gave me a Perl error of "Can't locate bar.pm in @INC".  I checked the
includes directories and found that the jailed /usr/local/lib/perl5/foo/ directory
containing bar.pm was not world readable.  (The unjailed bar.pm had group
readable permissions - it's an odd install.)

What's not entirely clear to me is why running the jk_chrootlaunch from the
root command line would cause the chrooted foo user to have read permission
but not the foo user in the chroot from /etc/inittab.

(And anyway the whole thing might be moot for me, since this process
apparently interacts with crond and thus becomes nearly impossible to jail
multiple instances cleanly.)

Dean Takemori
Systems Support Supervisor
TD Food Group
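
Added example, not part of the original message: a POSIX shell check for the failure found in step 4, walking a path inside the jail and reporting the first component that a user who is neither owner nor group member cannot get through. The function names are hypothetical and the paths in the usage comment are the ones from the message; only mode bits are inspected, so ownership, group membership and ACLs are out of scope.

```shell
#!/bin/sh
# Added example: find the first path component inside a jail that blocks
# "other" users. Function names are hypothetical (not part of Jailkit).

# other_bits PATH -> the three "other" permission characters, e.g. "r-x"
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# first_blocked JAIL PATH_IN_JAIL
# Prints the blocking component (relative to the jail) and returns 1,
# or prints nothing and returns 0 when every component is passable.
first_blocked() {
    jail=${1%/}
    rest=${2#/}
    cur=$jail
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue      # tolerate doubled slashes
        cur=$cur/$part
        rel=${cur#"$jail"}
        if [ ! -e "$cur" ]; then
            echo "missing: $rel"
            return 1
        fi
        bits=$(other_bits "$cur")
        if [ -d "$cur" ]; then
            # A directory must be searchable (x) to be traversed.
            case $bits in
                ??x|??t) ;;
                *) echo "no o+x: $rel"; return 1 ;;
            esac
        else
            # The module file itself must be readable (r).
            case $bits in
                r??) ;;
                *) echo "no o+r: $rel"; return 1 ;;
            esac
        fi
    done
    return 0
}

# Usage: first_blocked /var/foojail /usr/local/lib/perl5/foo/bar.pm
```

Running it once against the jail and once with `/` as the jail root shows where the copied tree's permissions differ from the original install.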

