Jailkit and jails.


Jailing a user on suda using jailkit

These are links I found helpful during the process. 
#links 
https://www.howtoforge.com/debian-9-jail-jailkit/
http://www.linuxmisc.com/1-linux-setup/9de37a1b1aca86d8.htm
https://linuxize.com/post/how-to-delete-users-in-linux-using-the-userdel-command/
https://wiki.archlinux.org/title/Linux_console/Keyboard_configuration
https://olivier.sessink.nl/jailkit/jailkit.8.html
https://askubuntu.com/questions/93411/simple-easy-way-to-jail-users

The basic guide I followed was this one https://askubuntu.com/questions/93411/simple-easy-way-to-jail-users

So to begin with I downloaded Jailkit from the website of the maintainer here https://olivier.sessink.nl/jailkit/index.html#download

I untarred it and did the usual ./configure, make and sudo make install.

Then I created a non-privileged user - sudo useradd guest
and a password for that user - sudo passwd guest.

Before moving the user to jail or running the jailkit scripts I went into the guest account as the user and added in the basic scripts for suda and the ctwmrc configuration for ctwm.

Now for the fun bit.

Create a jail - sudo mkdir /home/jail

Then populate the jail with the basic things the user will use - remembering that a chroot jail is a little like a virtual machine, so whatever we want the user to be able to use must be accessible within the jail.

so we do this 

sudo jk_init -v /home/jail netutils basicshell jk_lsh

note no ssh etc

now we will jail our user

sudo jk_jailuser -m -j /home/jail/ guest
And then copy the bash libraries to the jail - sudo jk_cp -v -f /home/jail /bin/bash

Then edit /home/jail/etc/passwd so that this line:
 jailtest:x:1001:1001::test:/usr/sbin/jk_lsh

Looks like this 

guest:x:1001:1001::/home/guest:/bin/bash

The advantage of using jailkit over other methods is that when we use its commands to copy over the binaries and things we need, it also copies over all the dependencies, so we don't have to go hunting through the file system for odd things.

now we have to add the extra sauce to make everything we want to run run - so we do this 

 sudo jk_cp  -v -j /home/jail/ /usr/bin/xsetroot xfontsel xdotool xdg-settings xclock vim script ffmpeg ffplay ffprobe xterm lxterminal xloadimage scrot xwininfo xxd 

and to get X to run correctly we shall install the xdg folder and the X11 folder to our jail as well

so this 

sudo jk_cp -v -j /home/jail/ /etc/xdg
sudo jk_cp -v -j /home/jail/ /etc/X11

and we will also have to create a locale configuration for the keyboard, otherwise it defaults to C, which stops certain things running correctly

so do
sudo touch /home/jail/etc/vconsole.conf
and
sudo touch /home/jail/etc/locale.conf
then
sudo nano /home/jail/etc/locale.conf
and add in the locale you want, in my case it's
en_GB.UTF-8 UTF-8

and then
sudo nano /home/jail/etc/vconsole.conf
and add in this line, or the one for the keymap you want
KEYMAP=uk

and that's the jail pretty much set up.
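
A quick way to confirm the result of the steps above, as an added example that is not part of the original write-up. The names check_jail and make_demo_jail are made up for this sketch, and it assumes jk_jailuser has rewritten the host passwd entry to use jk_chrootsh with a /./ marker in the home path.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a Jailkit jail.
# Usage: check_jail JAIL USER [HOST_PASSWD]   returns 0 when nothing is wrong.
check_jail() {
    jail=${1%/}; user=$2; host_passwd=${3:-/etc/passwd}; bad=0
    fail() { echo "FAIL: $*"; bad=1; }

    # Host side: jk_jailuser sets home to JAIL/./HOME and shell to jk_chrootsh.
    host=$(grep "^$user:" "$host_passwd") || { fail "$user not in $host_passwd"; return 1; }
    host_home=$(echo "$host" | cut -d: -f6)
    case $(echo "$host" | cut -d: -f7) in
        */jk_chrootsh) ;;
        *) fail "host shell is not jk_chrootsh, so $user is not jailed" ;;
    esac
    case $host_home in
        "$jail"/./*) ;;
        *) fail "host home $host_home lacks the $jail/./ marker" ;;
    esac

    # Jail side: the shell named in the jail's passwd runs after the chroot.
    inner=$(grep "^$user:" "$jail/etc/passwd") || { fail "$user not in jail passwd"; return 1; }
    in_home=$(echo "$inner" | cut -d: -f6)
    in_shell=$(echo "$inner" | cut -d: -f7)
    [ -x "$jail$in_shell" ] || fail "shell $in_shell is not executable inside the jail"
    [ -d "$jail$in_home" ] || fail "home $in_home does not exist inside the jail"
    rel=${host_home#"$jail"/.}
    [ "$rel" = "$in_home" ] || fail "host and jail home paths disagree"

    # A jail root writable by group or others lets non-root users alter it.
    [ -z "$(find "$jail" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
        fail "$jail is writable by group or others"
    return $bad
}

# Constructed fixture mirroring the post's layout, so the check runs offline.
make_demo_jail() {
    mkdir -p "$1/jail/etc" "$1/jail/bin" "$1/jail/home/guest"
    chmod 755 "$1/jail"
    printf '#!/bin/sh\n' > "$1/jail/bin/bash"; chmod 755 "$1/jail/bin/bash"
    echo "guest:x:1001:1001::/home/guest:/bin/bash" > "$1/jail/etc/passwd"
    echo "guest:x:1001:1001::$1/jail/./home/guest:/usr/sbin/jk_chrootsh" > "$1/passwd"
}

if [ $# -ge 2 ]; then check_jail "$@"; fi
```

Saved as a script, it can be run against the real jail with sudo sh SCRIPT /home/jail guest, which reads the host's /etc/passwd by default.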

What I did find, though, was that to run certain scripts, like sudacam 1 and 2 and the later mantissacam scripts that I added into my own ISOs, I had to alter those scripts. For instance, sudacam1.sh originally read

lxterminal --geometry=17x18+0+3 -e 'ffplay -f x11grab -follow_mouse centered -framerate 10 -video_size 640x480 -i :0.0'

I had to change it to avoid calling an lxterminal or xterm and to stop the script crashing out or not starting due to other dependencies not being present

so rather than calling a terminal to start ffmpeg, changing the script to this

ffplay -f x11grab -follow_mouse centered -framerate 10 -video_size 640x480 -i :0.0 

worked just as well as the original implementation. The manifesto script needed no changes, nor did the glitchify script.