|
From: | Olivier Sessink |
Subject: | Re: [Jailkit-users] How to Jail Python Interpreter |
Date: | Tue, 18 Sep 2007 23:29:10 +0200 |
User-agent: | Icedove 1.5.0.12 (X11/20070607) |
Gregory Piñero wrote:
On 9/17/07, Gregory Piñero <address@hidden> wrote:On 9/17/07, Olivier Sessink <address@hidden> wrote:you probably need a lot of extra python files as well. My systems has lots of files in /usr/lib/python2.4/ that are part of the python global libraries.Yeah, I ended up copying /usr/lib/python2.4 into the jail too. Is copying manually the best way, or is there a jailkit tool for this?use jk_chrootlaunch to start a process inside the jail. You can use any unprivileged user, so generally it's good to create an account (but it doesn't need a shell or a home directory)I tried running my python script like this: $ sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4 exec_worker.py and got this error: usr/bin/python2.4: can't open file 'exec_worker.py': [Errno 13] Permission denied exec_worker.py is owner by root and the group is root. Which I figured is what I want since it resides inside the jail?
but what are the permissions? is user jailtest allowed to read and execute it?
I also tried providing the full path to the python script like this: $ sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4 /srv/jail_for_python/exec_worker.py
remember the process is running inside a jail! So the process doesn't know about /srv/jail_for_python. The full path *inside* the jail is /exec_worker.py
you could also add '#!/usr/bin/python2.4' as first line of that file, and make it executable, and start
`sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/ -x /srv/jail_for_python/exec_worker.py`
regards, Olivier
[Prev in Thread] | Current Thread | [Next in Thread] |