Chroot jails made simpler

jk_check

After a chroot is set up, run this utility to locate security weakpoints. It lists setguid and setgid applications, modified applications, directories with wide-open permissions, and other potential problems listed in /etc/jailkit/jk_check.ini (Figure 4).

Figure 4: jk_check.ini checks for basic security problems.

Be aware that correcting all reported problems does not necessarily make the jail secure. Whether it does or not depends on the commands available in the chroot.

jk_list

After the chroot is set up, jk_list shows the PID and UID of all the processes that run in it. This information can be useful in tightening the chroot's security, as well as the permissions for multiple chroot users.

jk_update

This utility is used to update files within a chroot and to sync them with the main system. Note that, depending on the purpose of the chroot, you might not want to update its files – or, at least, have no reason to do so.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Command Line: Debootstrap

    We provide basic instructions for using Debian's debootstrap to create a schroot jail for building and testing packages.

  • Sandboxing

     

  • UCK

    We’ll show you how to create a custom Ubuntu ISO with the Ubuntu Customization Kit.

  • dgamelaunch

    If you are into retrogaming, dgamelaunch lets you set up a server to play Roguelike games and compete with friends, all while preserving a piece of gaming history.

  • Kernel News

    Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News