Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
No events planned
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
wiki:experiences:igraltist:run-jail [2012/05/13 07:12] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:run-jail [2012/05/13 07:22] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 362: | Line 362: | ||
* [[wiki:experiences/igraltist/jail_wget|Setup for wget]] | * [[wiki:experiences/igraltist/jail_wget|Setup for wget]] | ||
* [[wiki:experiences/igraltist/jail_vixie-cron|Setup for vixie-cron]] | * [[wiki:experiences/igraltist/jail_vixie-cron|Setup for vixie-cron]] | ||
+ | |||
Line 386: | Line 387: | ||
</code> | </code> | ||
- | For example, if you want jailed 'ping' or 'wget' automatic, therefor I have done: | + | |
+ | ====== Jailed local programs for lazy people ===== | ||
+ | For example, if you want jailed 'ping' or 'wget' automatic, this does not prevent a using the absolute path. | ||
+ | The idea behind is simple add a new path to the environ PATH and put it on first place. | ||
+ | |||
+ | For this do: | ||
<code bash> | <code bash> | ||
- | mkdir /jails | + | mkdir /usr/local/jails |
</code> | </code> | ||
- | The profile must will modified, so that 'bash' in the directory jails as first search. | + | The profile must will modified, so that directory /usr/local/jails is the first search path. |
- | Therefor I have inserted on begin in the PATH the new jails directory. | + | |
For example it can looks like | For example it can looks like | ||
Line 403: | Line 408: | ||
</code> | </code> | ||
- | For updating the path execute: | + | Updating profile: |
<code bash> | <code bash> | ||
source /etc/profile | source /etc/profile | ||
</code> | </code> | ||
- | Now the 'jails' directory in the first place to search for a binary file. | + | Now the '/usr/local/jails' directory in the first place to search for an executable file. |
Note: The directory '/usr/local/jails' and 'run-jail' is hardcoded in run-jail script. | Note: The directory '/usr/local/jails' and 'run-jail' is hardcoded in run-jail script. | ||
Line 415: | Line 420: | ||
<code bash> | <code bash> | ||
- | ln -sf /bin/ping /usr/local/jails/ping | + | create-jail -p ping |
+ | </code> | ||
+ | |||
+ | Thats all.\\ | ||
+ | Test it with | ||
+ | |||
+ | <code bash> | ||
+ | ping heise.de --show | ||
+ | </code> | ||
+ | |||
+ | Output should be similar like: | ||
+ | <code bash> | ||
+ | /usr/bin/rsbac_jail -I 0.0.0.0 -r /bin/ping heise.de | ||
</code> | </code> | ||
- | Thats all. | ||
- | The jail configuration file 'ping' must be exists. | + | The jail configuration file 'ping' must be exists but usally is shipped with the rsbac-tools. |
- | When this wrapper not will needed anymore then simple undo the '/etc/profile' modification and remove the 'jails' directory. | + | When this wrapper has no need anymore then simple undo the '/etc/profile' modification and remove the '/usr/local/jails' directory. |
[[wiki:experiences/igraltist/run-jail#run-jail|Top]]\\ | [[wiki:experiences/igraltist/run-jail#run-jail|Top]]\\ |