nongnu nongnu - jailkit jailkit-dev

[bug #59732] Centos 8 Support

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
11 messages Options
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
URL:
  <https://savannah.nongnu.org/bugs/?59732>

                 Summary: Centos 8 Support
                 Project: Jailkit
            Submitted by: pigro95
            Submitted on: Sat 19 Dec 2020 10:00:59 PM UTC
                Category: None
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any

    _______________________________________________________

Details:

There are Libraries in newer versions and on another location.

Jailkit doesn't work on Centos 8.




    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #1, bug #59732 (project jailkit):


[comment #0 original submission:]
> There are Libraries in newer versions and on another location.
>
> Jailkit doesn't work on Centos 8.

can you give some more detailed errors?

is it compile errors, or is the default config for jk_init not working on
centos or what is the problem?

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #2, bug #59732 (project jailkit):

There was no compile error I think.

The default config for jk_init seems not working.

I can create a jail but there are some messages that files doesn't exists. I
think some of these messages are normal?

When I login as a jailed user, there is no chroot. I can't see the normal root
from the system.

libnsl.so.1 doesn't exists on Centos 8. There is the version libnsl.so.2.

Maybe there are other libs changed/no longer exists.



    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #3, bug #59732 (project jailkit):

[comment #2 comment #2:]
>
> When I login as a jailed user, there is no chroot. I *can* see the normal
root from the system.
>





    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #4, bug #59732 (project jailkit):


[comment #2 comment #2:]
> There was no compile error I think.
>
> The default config for jk_init seems not working.
>
> I can create a jail but there are some messages that files
> doesn't exists. I think some of these messages are normal?

yes the config file has files for various linux distributions, so it tries the
same files on different locations.


>
> When I login as a jailed user, there is no chroot.
> I can't see the normal root from the system.

this is very strange, this should never happen. this user does have
jk_chrootsh as shell? What errors are in the logs?


> libnsl.so.1 doesn't exists on Centos 8. There is the
> version libnsl.so.2.

ahh that should be updated in jk_init.ini then.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #5, bug #59732 (project jailkit):

I attached a file with the commands i used an the outputs. Also the line from
the user in /etc/passwd.

(file #50527)
    _______________________________________________________

Additional Item Attachment:

File name: jailkit.txt                    Size:12 KB
    <https://file.savannah.nongnu.org/file/jailkit.txt?file_id=50527>



    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #6, bug #59732 (project jailkit):

I've already made a symlink libnsl.so.2 -> libnsl.so.1

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #7, bug #59732 (project jailkit):

ahh, the issue is "sudo"

sudo does not start the login shell, so you cannot test a jail with sudo. ssh
test@localhost is a better test.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #8, bug #59732 (project jailkit):


[comment #6 comment #6:]
> I've already made a symlink libnsl.so.2 -> libnsl.so.1

not sure if they are compatible. You probably want to jk_cp libnsl.so.2 into
the jail.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #9, bug #59732 (project jailkit):

[comment #7 comment #7:]
> ahh, the issue is "sudo"
>
> sudo does not start the login shell, so you cannot test a jail with sudo.
ssh test@localhost is a better test.

That looks better.

[root@server ~]# ssh test@localhost
bash: /usr/bin/id: No such file or directory
bash: /usr/bin/id: No such file or directory
[test@server ~]$ ls /
bin  dev  etc  home  lib64  usr

I didn't know that sudo don't use the login shell from the user.

Now I just need to find out why /usr/bin/id where not found.


[comment #8 comment #8:]
>
> [comment #6 comment #6:]
> > I've already made a symlink libnsl.so.2 -> libnsl.so.1
>
> not sure if they are compatible. You probably want to jk_cp libnsl.so.2 into
the jail.

Now I added libnsl.so.2 path in /etc/jailkit/jk_init.ini and removed the
symlink.

I don't know if libnsl.so.2 is compatible to libnsl.so.1. I hope so. But I
also didn't know for what this library is. ;)

If you wan't to add these to the project the paths are  /lib/libnsl.so.2,
/lib64/libnsl.so.2


Thanks for help.

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Klaus Rudolph-2
Reply | Threaded
Open this post in threaded view
|

[bug #59732] Centos 8 Support

Klaus Rudolph-2
Follow-up Comment #10, bug #59732 (project jailkit):

jk_cp -j /var/jail /usr/bin/id



    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?59732>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/


_______________________________________________
Jailkit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/jailkit-dev
Free forum by Nabble Edit this page