[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] I can't jail mldonkey
From: |
some one |
Subject: |
Re: [Jailkit-users] I can't jail mldonkey |
Date: |
Thu, 6 Nov 2008 00:43:23 -0500 |
OK! I _think_ I got. I did:
HOME=/home/mldonkey jk_chrootlaunch -u mldonkey -g mldonkey -j /home/jail -x
/usr/bin/mlnet
And it appears to be running! I'm thinking $HOME was not set properly somehow.
:/home/jail# jk_list
Pid User Jail Command
17832 mldonkey /home/jail /home/jail/usr/bin/mlnet
I'm guessing that means everything is working properly? Is there any other way
to test?
Thanks!
> ----- Original Message -----
> From: "Michal Soltys" <address@hidden>
> To: address@hidden
> Subject: Re: [Jailkit-users] I can't jail mldonkey
> Date: Tue, 04 Nov 2008 10:48:56 +0100
>
>
> some one wrote:
> > I've been trying the jailkit method of jailing mlnet and I follow
> > the instructions as best I can
> > (http://mldonkey.sourceforge.net/Chroot#JailKit) and when I try
> > to do:
> >
> > su mldonkey
> >
>
> Mld is pretty tricky to start chrooted. First - don't rely on any
> of its internal settings (in case you do - mldonkey will create /
> adjust part of its files with 0:0 access rights, and then happily
> fail after privilege separation, as it will have no access to them).
>
> What I use currently (note this is a small overkill and could be
> trimmed down further):
>
> [commons]
> comment = Common files
> regularfiles =
> /etc/nsswitch.conf,/etc/hosts,/etc/localtime,/etc/resolv.conf,/etc/services,/etc/protocols,/etc/host.conf,/etc/ld.so.conf
> users = root
> groups = root
> devices = /dev/null,/dev/urandom,/dev/zero,/dev/random
> libraries =
> /lib/libnss*.so.2,/lib/libnsl.so.1,/usr/lib/locale*,/usr/lib/libncurses*.so.?.?
> executables = /bin/false,/bin/true
> emptydirs = /tmp,/var/tmp,/var/run
>
> [p2p]
> comment = typical p2p prerequisites
> libraries = /usr/lib/libGeoIP*.so.?.?.?
> directories = /usr/share/GeoIP,/etc/geoip,/usr/share/misc/file,/etc/fonts
>
> [mld]
> comment = mldonkey
> users = ed2k
> groups = ed2k
> includesections = commons, p2p
> executables = /bin/mlnet
>
> And then it's started with:
>
> HOME=/data chrootuid /ed2k ed2k /bin/mlnet -pid /var/run
> -log_to_syslog true &>/dev/null &
>
> Section named [p2p] is also used by chrooted amuled.
>
> /data is under chrooted directory, where ed2k:ed2k has write
> access. That HOME is pretty important - as mld will (as it should)
> try to write all its settings under $HOME, which will likely be
> /root or in case of sudo [-s] - your regular-admin user's home
> (assuming typical sudo settings).
>
> Good luck :)
>
>
>
> _______________________________________________
> Jailkit-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jailkit-users
>
--
-
Free Email at http://www.MailPuppy.com
- Fraud Warning: Never accept foreign checks/money orders