jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] chroot nxserver

From: Olivier Sessink
Subject: Re: [Jailkit-users] chroot nxserver
Date: Mon, 17 Mar 2008 08:31:03 +0100
User-agent: Thunderbird 2.0.0.12 (X11/20080227) 
Hi wrote:

I am now crossposting to both the freenx list and the
jailkit list.


I can probably only answer on the jailkit list. We'll see.


Yes the paths are all wrong as to what is currently in
the jail for executables. That was a given I missed. Adjusting the paths to the correct version off the GPL 
nxserver I am using (still working on that).  What is
the paths_w_owner option?


see `man jk_init`
those files/directories are copied while retaining their ownership. All files/directories that are in 'paths' become owned by root:root 


So your saying I should jk_jailuser -j /home/jail nx


yup.


So then after appending proper paths to the jk_ini
files I should also add...
[nx]
comment = NX jail for the nx daemon
user = nx, nobdy group = nx, nogroup 
executables = #With the proper paths for the software
versions I am running)
directories = /usr/NX (Proper Directories as well)
includesections = uidbasics, netbasics, logbasics,
ssh, basicshell,extendedshell, chown, mount, umount,
xauth, xterm, xclock, which,xfonts, expr, tee, xset,
dirname, hostname, basename
devices = /dev/null (can I add /dev/none here?)
`executables` and `directories` are deprecated options, see the jk_init manual. You need `paths` and `paths_w_owner`
Well I know it is running outside the jail for sure.
I'm pretty sure that both user nx and the final user must be in the same jail because they share some files. Correct me if I'm wrong. 

[..]


Yes using jk_cp makes the permissions different.


see `man jk_cp`. use option -o or --owner to retain the ownership

>  I
have changed them to match what is outside the jail. Someone on the freenx list must have done this by now. 
 I have scanned all two years worth of the
unsearchable list for chroot with 0 occurances.  A
guide should be made.  For one thing I'm not using no
machine directory structure.
address@hidden nx]# ./nxserver --Version
NX> 100 NXSERVER - Version 1.5.0-60 OS (GPL)
NX> 500 Error: Function --Version not implemented yet.
NX> 999 Bye

which does work just fine.
now try `chroot <yourjail>` as root and give the same command. Does it still work as expected? 

regards,
        Olivier
reply via email to
[Prev in Thread] Current Thread [Next in Thread]