jailkit-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] ssh from jailed user


From: Richard Scott
Subject: Re: [Jailkit-users] ssh from jailed user
Date: Wed, 19 Feb 2014 09:44:59 +0000
User-agent: Roundcube Webmail/0.9.5

Hi,

What mount options do you use?

Rich

On 19/02/2014 08:03, OCEANET - Cédric BASSAGET wrote:

Hello,

address@hidden ~]$ echo "foo" > /dev/null
bash: /dev/null: Permission denied

I don't have selinux or apparmor enabled on this server...

Regards,
Cédric




Le 18/02/2014 21:40, Olivier Sessink a écrit :
On 02/18/2014 01:22 PM, OCEANET - Cédric BASSAGET wrote:
Hi Olivier and others,

FS is ext3 so I don't think it's the problem.

Here's the end of the output of 'strace ssh' :
futex(0x7fffc6ce6d0c, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0x7fffc6ce6d0c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f43905417c0) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0x7f438d3d9c60, [], SA_RESTORER|SA_SIGINFO, 0x7f438d3e3710}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x7f438d3d9cf0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f438d3e3710}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
statfs("/selinux", 0x7fffc6ce6c50)      = -1 ENOENT (No such file or directory)
brk(0)                                  = 0x7f43907ba000
brk(0x7f43907db000)                     = 0x7f43907db000
open("/proc/filesystems", O_RDONLY)     = -1 ENOENT (No such file or directory)
access("/usr/share/dracut/modules.d/01fips", F_OK) = -1 ENOENT (No such file or directory)
open("/dev/null", O_RDWR)               = -1 EACCES (Permission denied)
write(2, "Couldn't open /dev/null: Permiss"..., 43Couldn't open /dev/null: Permission denied
) = 43
exit_group(1)                           = ?

the full strace is viewable here : http://pastebin.com/5SS6K0Nu

weird. do you have a full shell available inside the jail?

can you, for example "echo foo > /dev/null" ? Or does that also result in a permission denied?

Is there an extra security mechanism running on the computer that could prevent access like SELinux or AppArmor?

Olivier

-- 
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/


_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users


_______________________________________________
Jailkit-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/jailkit-users

reply via email to

[Prev in Thread] Current Thread [Next in Thread]