Re: chroot jail problem

To: debian-user <debian-user@lists.debian.org>
Subject: Re: chroot jail problem
From: Reco <recoverym4n@gmail.com>
Date: Fri, 14 Feb 2014 20:40:45 +0400
Message-id: <20140214204045.fff69528cac83d874383465c@gmail.com>
In-reply-to: <CANz54jrCmmP11iSPfDPce-TeMbnWBSwuFL4t7s2cvPBoVE5sCQ@mail.gmail.com>
References: <CANz54jpn2QVjr6HJuxf2s4tocuFQud+n_AiDRuGBqSQkS+hezA@mail.gmail.com> <1392379351.7260.97.camel@archlinux> <CANz54jpD2UcoVVD+rUdifsC18niQu_Hq318VoLoUsy6S0jAVjw@mail.gmail.com> <20140214123504.GA29510@x101h> <CANz54jrCmmP11iSPfDPce-TeMbnWBSwuFL4t7s2cvPBoVE5sCQ@mail.gmail.com>

On Fri, 14 Feb 2014 14:01:55 +0100
Antonio Fernández Pérez <antoniofernandez@fabergames.com> wrote:

> Ups! Sorry, I forgot paste the link.
> 
> I have used this: wget
> http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/make_chroot_jail.sh

Ok. So, this script was written before Debian implemented multilib,
which, in turn, changed filesystem layout.
So, 
/lib/libnsl.so.1
now lives at
/lib/x86_64-linux-gnu/libnsl.so.1

What's worse, is that some libraries have changed soname since then. So,
/lib/libcap.so.1
became
/lib/x86_64-linux-gnu/libcap.so.2

A quick fix to that is attached to this e-mail.

> Maybe I should to implment chroot jail technique with another methods ...

Possibly. I'd use debootstrap for that.

Reco

--- make_chroot_jail.sh.orig	2014-02-14 20:35:37.466358387 +0400
+++ make_chroot_jail.sh	2014-02-14 20:38:27.150352350 +0400
@@ -469,7 +469,8 @@
   # needed for scp on RHEL
   echo "export LD_LIBRARY_PATH=/usr/kerberos/lib" >> ${JAILPATH}/etc/profile
 elif [ "$DISTRO" = DEBIAN ]; then
-  cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/libcap.so.1 /lib/libnss_dns.so.2 ${JAILPATH}/lib/
+  cp /lib/x86_64-linux-gnu/libnss_compat.so.2 /lib/x86_64-linux-gnu/libnsl.so.1 /lib/x86_64-linux-gnu/libnss_files.so.2 \
+	/lib/x86_64-linux-gnu/libcap.so.2 /lib/x86_64-linux-gnu/libnss_dns.so.2 ${JAILPATH}/lib/
 else
   cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 /lib/libcap.so.1 /lib/libnss_dns.so.2 ${JAILPATH}/lib/
 fi

Reply to:

Follow-Ups:
- Re: chroot jail problem
  - From: Antonio Fernández Pérez <antoniofernandez@fabergames.com>

References:
- chroot jail problem
  - From: Antonio Fernández Pérez <antoniofernandez@fabergames.com>
- Re: chroot jail problem
  - From: Ralf Mardorf <ralf.mardorf@alice-dsl.net>
- Re: chroot jail problem
  - From: Antonio Fernández Pérez <antoniofernandez@fabergames.com>
- Re: chroot jail problem
  - From: Reco <recoverym4n@gmail.com>
- Re: chroot jail problem
  - From: Antonio Fernández Pérez <antoniofernandez@fabergames.com>

Prev by Date: Re: chroot jail problem
Next by Date: RE: iptables and redirection traffic from one PC to another
Previous by thread: Re: chroot jail problem
Next by thread: Re: chroot jail problem
Index(es):
- Date
- Thread