jailkit-users

Re: [Jailkit-users] How to Jail Python Interpreter


From: Gregory Piñero
Subject: Re: [Jailkit-users] How to Jail Python Interpreter
Date: Tue, 18 Sep 2007 20:39:33 -0400

On 9/18/07, Olivier Sessink <address@hidden> wrote:
> Gregory Piñero wrote:
> > On 9/17/07, Gregory Piñero <address@hidden> wrote:
> >> On 9/17/07, Olivier Sessink <address@hidden> wrote:
> >>> you probably need a lot of extra python files as well. My system has
> >>> lots of files in /usr/lib/python2.4/ that are part of the python global
> >>> libraries.
> >> Yeah, I ended up copying /usr/lib/python2.4 into the jail too.  Is
> >> copying manually the best way, or is there a jailkit tool for this?
> >>
> >>> use jk_chrootlaunch to start a process inside the jail. You can use any
> >>> unprivileged user, so generally it's good to create an account (but it
> >>> doesn't need a shell or a home directory)
> >
> > I tried running my python script like this:
> > $ sudo jk_chrootlaunch -u jailtest -g jailtest -j
> > /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4
> > exec_worker.py
> >
> > and got this error:
> > usr/bin/python2.4: can't open file 'exec_worker.py': [Errno 13]
> > Permission denied
> >
> > exec_worker.py is owned by root and the group is root.  Which I
> > figured is what I want since it resides inside the jail?
>
> but what are the permissions? is user jailtest allowed to read and
> execute it?
>
> > I also tried providing the full path to the python script like this:
> > $ sudo jk_chrootlaunch -u jailtest -g jailtest -j
> > /srv/jail_for_python/ -x /srv/jail_for_python/usr/bin/python2.4
> > /srv/jail_for_python/exec_worker.py
>
> remember the process is running inside a jail! So the process doesn't
> know about /srv/jail_for_python. The full path *inside* the jail is
> /exec_worker.py
>
> you could also add '#!/usr/bin/python2.4' as first line of that file,
> and make it executable, and start
>
> `sudo jk_chrootlaunch -u jailtest -g jailtest -j /srv/jail_for_python/
> -x /srv/jail_for_python/exec_worker.py`
>

Ok, that's worked out.  Thanks.  Now my next question.  I'm ultimately
trying to make a simple server/daemon to run code the clients send it
(safely) and return a string of the result.

So I want to bind to a socket (correct terminology?)  But I seem to be
getting denied.  Is there a permission or setting change I can make to
give this script access to a few ports?

Thanks again,

-Greg
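
Added example, not part of the original messages and not jailkit code: a host-side pre-flight check for the two problems resolved in the quoted replies above, namely the path as the chrooted process sees it and whether the unprivileged account can read the script. The function names `jail_path` and `preflight` and the numeric uid/gid arguments are assumptions for illustration; only classic owner/group/other mode bits are checked.

```python
import os


def jail_path(jail_root, host_path):
    """Translate a host path into the path a process sees after chroot."""
    root = os.path.realpath(jail_root)
    target = os.path.realpath(host_path)
    if os.path.commonpath([root, target]) != root:
        raise ValueError("%s is not inside %s" % (host_path, jail_root))
    rel = os.path.relpath(target, root)
    return "/" if rel == "." else "/" + rel


def _allowed(st, uid, gid, want):
    """Owner/group/other mode check; ignores ACLs and supplementary groups."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid == gid:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def preflight(jail_root, host_path, uid, gid):
    """Return (in-jail path, problems) for a script run as unprivileged uid:gid."""
    root = os.path.realpath(jail_root)
    inside = jail_path(root, host_path)
    problems, current = [], root
    for name in inside.strip("/").split("/"):
        # The jail root and every parent directory need the search (x) bit.
        if not _allowed(os.stat(current), uid, gid, 0o1):
            problems.append("no search permission on " + jail_path(root, current))
        current = os.path.join(current, name)
    if not _allowed(os.stat(current), uid, gid, 0o4):
        problems.append("no read permission on " + inside)
    return inside, problems


if __name__ == "__main__":
    import tempfile
    jail = tempfile.mkdtemp()          # constructed stand-in for the jail
    os.chmod(jail, 0o755)
    script = os.path.join(jail, "exec_worker.py")
    open(script, "w").close()
    os.chmod(script, 0o600)            # constructed mode: owner-only
    st = os.stat(script)
    print(preflight(jail, script, st.st_uid + 1, st.st_gid + 1))
```

Symlinks are resolved against the host root here, so an absolute symlink inside the jail can resolve differently once the process is chrooted.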