Re: [Jailkit-users] libz?

[email builder]

>>>   Hmm.  I zipped up a random README file and used less on it.  When I 

>>>   did that from a normal (non-jailed) account, it tells me:
>>> 
>>>   Archive:  README.zip   3925 bytes   1 file
>>>   -rw-r--r--  2.3 unx     9564 tx defN 21-Dec-11 23:55 README
>>>   1 file, 9564 bytes uncompressed, 3781 bytes compressed:  60.5%
>>> 
>>>   But when I su to a jailed user (or ssh to a jailed user), I get this:
>>> 
>>>   WARNING: terminal is not fully functional
>>>   "README.zip" may be a binary file.  See it anyway?
>>> 
>>>   I hit "y" and then I see lots of e.g. 
>>>    "<F5><CE><9A>-<B01>" which
>>>   goes on randomly for a few pages.
>>> 
>>>   I'm not sure if that's just a terminal issue or if less/libz
>>>   is malfunctioning.  (I tend to think it might just be the
>>>   account's terminal?)
>> 
>>  no this looks to like the 'less' inside the jail is either a
>>  different less, or it is missing the zip functionality or library
>>  (I don't know what it needs to read zip files).
> 
> OK thanks. But if there's some lib missing for it to work,
> shouldn't jk_init or jk_update catch it?



>>>   *Something* had to require it to make jk_init put it into
>>>   the jail, right?  What process does jk_init use to determine
>>>   that?
>> 
>>  jk_init and jk_cp use ldd on all the binaries. However, yu cannot see 
>>  all libraries with ldd, libraries that are opened with ldopen() cannot 
>>  be detected that way.
> 
> Hmm, ok, well it seems like there's nothing I can
> do to see what the problem is/was.


>>>   Normally, does jk_update *remove* unused libraries?
>> 
>>  nope, it only detects differences between the real system and the jail
>> 
>>>   Or is it normal to have a situation like this with what
>>>   could be an orphaned library in the jail?  (Although it
>>>   seems we don't know for sure that it should not be in
>>>   the jail)
>> 
>>  I normally have my jails all configured in jk_init.ini, so after a major 
>>  operating system update I can recreate the jail from scratch using a 
>>  single jk_init command (and then copy the data back into the jail.
> 
> Maybe I'll try to figure out how I can do that myself.  I would 
> suggest this as a good FAQ on the jailkit website.

Can you make any suggestions about how to preserve the jailed
user info?  Is it sufficient to retain /etc/passwd and /etc/shadow
(the ones from the jail) and nothing else?  

(User data is separate of course)

It'd be nice to have a FAQ that even presents a script for this.

Thanks.