Re: [Jailkit-users] I can't jail mldonkey

[Michal Soltys]

some one wrote:
> I've been trying the jailkit method of jailing mlnet and I follow the 
> instructions as best I can (http://mldonkey.sourceforge.net/Chroot#JailKit) and 
> when I try to do:
>
> su mldonkey

Mld is pretty tricky to start chrooted. First - don't rely on any of its 
internal settings (in case you do - mldonkey will create / adjust part 
of its files with 0:0 access rights, and then happily fail after 
privilege separation, as it will have no access to them).

What I use currently (note this is a small overkill and could be trimmed 
down further):

[commons]
comment = Common files
regularfiles = 
/etc/nsswitch.conf,/etc/hosts,/etc/localtime,/etc/resolv.conf,/etc/services,/etc/protocols,/etc/host.conf,/etc/ld.so.conf
users = root
groups = root
devices = /dev/null,/dev/urandom,/dev/zero,/dev/random
libraries = 
/lib/libnss*.so.2,/lib/libnsl.so.1,/usr/lib/locale*,/usr/lib/libncurses*.so.?.?
executables = /bin/false,/bin/true
emptydirs = /tmp,/var/tmp,/var/run

[p2p]
comment = typical p2p prerequisites
libraries = /usr/lib/libGeoIP*.so.?.?.?
directories = /usr/share/GeoIP,/etc/geoip,/usr/share/misc/file,/etc/fonts

[mld]
comment = mldonkey
users = ed2k
groups = ed2k
includesections = commons, p2p
executables = /bin/mlnet

And then it's started with:

HOME=/data chrootuid /ed2k ed2k /bin/mlnet -pid /var/run -log_to_syslog 
true  &>/dev/null &

Section named [p2p] is also used by chrooted amuled.

/data is under chrooted directory, where ed2k:ed2k has write access. 
That HOME is pretty important - as mld will (as it should) try to write 
all its settings under $HOME, which will likely be /root or in case of 
sudo [-s] - your regular-admin user's home (assuming typical sudo settings).

Good luck :)