[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-users] `git clone` allowing access to files outside chroot

From: Daniel Lo Nigro
Subject: [Jailkit-users] `git clone` allowing access to files outside chroot
Date: Thu, 11 Jul 2013 23:41:40 +1000


Firstly, thanks for Jailkit. I stumbled on it while searching for how to create a chroot jail. Wish I had found it earlier, it's a very handy tool!

I'm using Debian Testing. Here's what I've done for my setup:

jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp git
jk_jailuser  -m -j /home/jail/ -s /bin/bash test

Connecting via SSH and SFTP are both fine, and the user is jailed as expected. There is a Git repository at /home/test/git/example in the jail. When I try to clone this Git repository, it fails:

address@hidden:/tmp$ git clone ssh://example.com/home/test/git/example .
Cloning into '.'...
fatal: '/home/test/git/example' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

However, if I use the full path (/home/jail/...), it works:
address@hidden:/tmp$ git clone ssh://example.com/home/jail/home/test/git/example .
Cloning into '.'...
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.

This leads me to believe that Git isn't being jailed for some reason. Any ideas on how to fix my configuration so that SSH login shells and SFTP are jailed, and Git is also jailed?


Daniel Lo Nigro
http://dan.cx/ | http://twitter.com/Daniel15

reply via email to

[Prev in Thread] Current Thread [Next in Thread]