Re: [Jailkit-users] Jail broken after jk_init perl and jk_cp logger

[Dimitri]

On 10/12/20 1:08 pm, Dimitri wrote:

Hi and thanks for a great user management tool.

In the process of setting up a git repository using gitolite on my server and following the instructions at https://gitolite.com/gitolite/fool_proof_setup#fool-proof-step-by-step-install-and-setup,  I managed to break the jail of the virtual host which I'm intending to use. (I am using ISPConfig to manage my virtual-hosts.)

During the gitolite install, I found I needed to add Perl to the jail and performed `jk_init -v -f <rootJailFolder> perl`.  However, this did not fix the install script and I needed to add some additional libraries.  My modified [perl] definition, which fixed the issue I was having at this point, is:

[perl]
comment = the perl interpreter and libraries
executables = /usr/bin/perl
directories = /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5, /usr/lib/x86_64-linux-gnu/perl, /usr/lib/x86_64-linux-gnu/perl5, /usr/lib/x86_64-linux-gnu/perl-base

After doing this, I came across another problem where 'logger' was not found, so I added `regularfiles = /usr/bin/logger` to the [perl] definition, but used jk_cp to actually copy it into the jail (which carried with it a lot of dependencies, though it appears that some may have been missed).

On the next run, instead of getting Perl error messages, I received a SEG FAULT.

Subsequent to the SEG FAULT, I have not been able to `chroot` into the jail.

I suspect that either:
    some required files were not copied across when I added `/usr/bin/logger`
    some environment variable definition is missing, or
    there is a folder either missing or has the wrong permissions
which are causing the SEG FAULT.

As I'm only trivially familiar with Perl, I'm not  quite sure where to look and what to do next.  I've tried using DIFF to compare a still working jail (though one without Perl) with the broken jail, but I can't see anything significant yet.  I have also compared `strace chroot <rootJailFolder>` on a working jail with the one that's broken, but again there doesn't seem anything obvious.

I'm wondering if anyone else has had a similar issue and knows how to fix it?  Or, I'm wondering if anyone has suggestions on how to isolate the problem.

(I am able to provide further information/logs/etc. if needed.)

Thanks in advance, Dimitri.

_______________________________________________
Jailkit-users mailing list
Jailkit-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/jailkit-users

Using strace and ltrace, I've noticed that the version of libc.so.6 being referred to in the respective jails is different.
In the working jail, libc.so.6 is a symlink to livc-2.19.so but in the broken jail it's a symlink to libc-2.23.so.

Seems to me I may need to update all the files I have in the broken jail since I did the jk_init and jk_cp using more recent versions.
How can a jail be updated? Is there something similar in Jailkit to `apt-get upgrade`?

I've looked at the libc.so.6 files in each of the jails (working and not working) and they are significantly different.

In the working jail it's a symlink to livc-2.19.so but in the broken jail it's a symlink to libc-2.23.so.

Seems to me I may need to update all the files I have in the broken jail since I did the jk_init and jk_cp using more recent versions.

How can a jail be updated?  Is there something similar in Jailkit to `apt-get upgrade`?