
Re: [Jailkit-users] chrootlaunch from inittab


From: DTakemori
Subject: Re: [Jailkit-users] chrootlaunch from inittab
Date: Sun, 22 Mar 2009 12:11:15 -1000


>Date: Sat, 21 Mar 2009 09:50:42 +0100
>From: Olivier Sessink <address@hidden>
>Subject: Re: [Jailkit-users] chrootlaunch from inittab
>To: address@hidden
>Message-ID: <address@hidden>
>Content-Type: text/plain; charset=ISO-8859-1
>
>> What's not entirely clear to me is why running the jk_chrootlaunch from the
>> root command line would cause the chrooted foo user to have read permission
>> but not the foo user in the chroot from /etc/inittab.
>
>hmm that doesn't sound good indeed. If you check the UID (ps axu) for
>the process  when running jk_chrootlaunch from the commandline, does it
>show the correct user?

Yes.

To sum up: there appears to be a difference between running jk_chrootlaunch
from (1) the command line and from (2) /etc/inittab.

~> chmod o-rx /usr/lib/perl5

1)
~> jk_chrootlaunch -u foo -g foo -j /var/foojail -x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf

Will successfully launch a process owned by foo

~> ps xau | grep /bin/foo
foo       2589  0.3  2.2  14616 11596 pts/0    S+   11:36   0:00 /usr/bin/perl -w /usr/local/bin/foo -c /usr/local/etc/foo.conf
root      2615  0.0  0.1   3912   664 pts/1    R+   11:40   0:00 grep bin/foo

2)
And so will jk_chrootlaunch from /etc/inittab.  (It took quite a few tries to capture these)

~> grep foo /etc/inittab
N1:345:respawn:jk_chrootlaunch -u tuxx -g tuxx -j /var/jails/dev -x jk_chrootlaunch -u foo -g foo -j /var/foojail -x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf

~> kill -HUP 1 && ps xa | grep bin/foo
root      3668  0.0  0.1   1784   572 ?        Rs   11:53   0:00 jk_chrootlaunch -u foo -g foo -j /var/foojail -x /usr/local/bin/foo -- -c /usr/local/etc/foo.conf

~> kill -HUP 1 && ps xa | grep bin/foo
foo      4409  0.0  0.0    220    92 ?        Rs   12:02   0:00 /usr/bin/perl -w /usr/local/bin/foo -c /usr/local/etc/foo.conf

But this one dies repeatedly until

Mar 22 12:00:32 testmachine init: Id "N1" respawning too fast: disabled for 5 minutes


Functionally, the /etc/inittab way works once /usr/lib/perl5 is made world-readable again.

Dean Takemori
Systems Support Supervisor
TD Food Group
address@hidden
