Simple guide for executable chroot jail
1. Install Jailkit; a CentOS RPM is available in the rpmforge repo.
2. mkdir -p # to define your jail root
3. jk_init -v -j ssh # to allow ssh in your jail
4. jk_jailuser -j # to move the user into the jail
5. Edit /etc/jailkit/jk_init.ini and /etc/jailkit/jk_socketd.ini # to match your system
6. jk_cp -v -f /bin/bash # to allow users to log in with bash in the jail
7. repeat 6 on other commands you want the user to run
8. mkdir -p /proc; mkdir -p /dev
9. edit /etc/init.d/jailkit to mount /proc /dev /dev/pts
10. mkdir -p /var/lib/rpm
11. rpm --rebuilddb --root= # this enables you to install packages in the jail
12. yum --installroot= install redhat-release-server-6Server # to define your repo
13. yum --installroot= install -y rpm-build yum # to make yum available inside your jail
14. test your applications in the jail and repeat 11 if any packages are missing
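A check to run alongside step 14, as an added example that is not part of the original guide: it audits a jail root for the shell and directories from steps 6, 8 and 10, and flags world-writable directories and setuid/setgid files, which weaken a chroot jail. The function name jail_audit and the finding labels are assumptions; the jail root is passed as the argument.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a Jailkit jail root.
# jail_audit and the finding labels are hypothetical names chosen here.

# jail_audit JAIL: print one finding per line; print nothing if all checks pass.
jail_audit() {
    jail=${1%/}
    [ -d "$jail" ] || { echo "NOT-A-DIR $1"; return 0; }

    # Directories created in steps 8 and 10 of the guide.
    for d in proc dev var/lib/rpm; do
        [ -d "$jail/$d" ] || echo "MISSING-DIR $jail/$d"
    done

    # Shell copied in with jk_cp in step 6.
    [ -x "$jail/bin/bash" ] || echo "MISSING-EXEC $jail/bin/bash"

    # World-writable directories without the sticky bit let any jailed
    # user replace files that other users run. -xdev keeps find out of
    # the /proc and /dev mounts when the jail is live.
    find "$jail" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/WORLD-WRITABLE-DIR /'

    # setuid/setgid files are a path to root inside the jail, and root
    # can break out of a chroot, so each one should be a deliberate choice.
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sed 's/^/SETID-FILE /'

    return 0
}

# Stand-alone use: sh jail_audit.sh /path/to/jail
if [ $# -gt 0 ]; then
    jail_audit "$1"
fi
```

Any line of output is something to fix or to justify before users are moved into the jail.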
One Comment
To make many GUI programs work in chroot, add
proc /chroot/proc proc defaults 0 0
/dev /chroot/dev none _netdev,bind 0 0
/selinux /chroot/selinux none _netdev,bind 0 0
devpts /chroot/dev/pts devpts defaults 0 0
in your /etc/fstab and mount them.