getting opensshd working in a chroot jail
Kragen Sitaker
kragen@pobox.com
Tue, 30 May 2000 21:06:36 -0400
Well, I'm thinking I'll want to access my machine remotely while I'm in
Seattle. And I'd like to provide access to my nascent Beowulf to
others, but without giving them access to my main machine. So how to do
it securely?
Well, I've set up a chroot jail --- essentially, a separate virtual
machine --- in which I can run sshd. It contains mostly files copied or
hardlinked from the normal world, with customized versions of /etc/passwd
and /etc/group.
With this setup, gaining access to my machine theoretically only gives
you a process running on the machine. You can run the programs that
exist within the chroot jail; you can use up arbitrary numbers of
process table slots and arbitrary amounts of memory; if you could write
to the filesystem (you can't), you could run arbitrary code as an
unprivileged user and use up arbitrary amounts of disk space. And you
can allocate all the ttys.
And you can get information: what versions of which files are accessible
from the chroot jail, and there's probably some way to find their inode
counts to determine which ones are hardlinked from the outside world.
And (assuming you can run programs of your own) you can signal other
programs; this can at least tell you how many processes I have running
and how fast I'm spawning new ones. You can probably figure out how
much space my processes are taking up by allocating lots of space in
your own process. (You can actually crash my processes by starving them
from memory; I need to set ulimits to avoid this.)
What you should not be able to do:
- become root in any way you would not have been able to do without
getting into the chroot jail (i.e. there may be remote-root holes on
my machine, but you shouldn't be able to get to them any more easily
from inside the chroot jail than you would from your own machine)
- write to the filesystem
- read any part of the filesystem outside the chroot jail
- run any setuid programs
Here are things with which I am dissatisfied:
- there are too many files in the chroot jail. Perhaps this could be
solved by running a second chroot from sshd.
- /dev/tty, /dev/pts, /dev/ptmx, and /dev/urandom are all accessible
inside the chroot jail. /dev/urandom allows an attacker to deplete my
machine's precious entropy pool; /dev/pts I don't understand well
enough to know if it's a threat.
- every user gets the same jail. Perhaps this could be solved by
running a second chroot from sshd.
- it would be nice to prohibit network access.
- it would be nice to allow sshd to syslog things, but not the users.
Perhaps this could be solved by running a second chroot from sshd.
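An added example (not part of the original post): a shell function that checks a jail tree against the properties listed above, reporting setuid files, writable or non-root-owned entries, device nodes, and hard-linked files. The function name, the output labels and the optional owner argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: check a chroot tree against the
# properties the post expects of it. Prints one "<CLASS> <path>" line per finding.
#   audit_jail JAIL [OWNER]   OWNER = uid or name that should own every entry
#                             (default 0, i.e. root)
audit_jail() {
    jail=$1
    owner=${2:-0}
    [ -d "$jail" ] || { echo "audit_jail: $jail: not a directory" >&2; return 2; }

    # -xdev keeps find on the jail's own filesystem, so a devpts mounted on
    # JAIL/dev/pts is not walked.

    # "run any setuid programs": setuid or setgid regular files.
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID /'

    # "write to the filesystem": group- or world-writable files and directories,
    find "$jail" -xdev \( -type f -o -type d \) \
        \( -perm -0020 -o -perm -0002 \) -print | sed 's/^/WRITABLE /'
    # ... and anything owned by someone other than OWNER, who could chmod it.
    find "$jail" -xdev ! -user "$owner" -print | sed 's/^/OWNER /'

    # Device nodes (the post lists urandom, ptmx and tty): each one is a kernel
    # interface reachable from inside the jail, so the list deserves review.
    find "$jail" -xdev \( -type c -o -type b \) -print | sed 's/^/DEVICE /'

    # Regular files with more than one link share an inode with another name,
    # here usually the host's copy; the link count is visible from inside.
    find "$jail" -xdev -type f -links +1 -print | sed 's/^/HARDLINK /'
}

# Run as: sh audit_jail.sh /usr/jail
[ "$#" -eq 0 ] || audit_jail "$@"
```

On the jail listed below, the HARDLINK lines would name every file whose link count is 2, and the DEVICE lines would name urandom, ptmx and tty.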
Here are the six programs in /usr/jail --- really four, of which two
should be removed:
1142808 451 -rwxr-xr-x 2 root root 461400 Feb 20 14:46 /usr/jail/bin/bash
(my login shell; could be removed otherwise)
565264 82 -rwxr-xr-x 2 root root 83939 Feb 26 13:42 /usr/jail/lib/ld-2.1.3.so
(needed to run dynamically linked ELF programs)
565268 867 -rwxr-xr-x 2 root root 887636 Feb 26 13:42 /usr/jail/lib/libc-2.1.3.so
(needed to run dynamically linked glibc programs)
1681589 201 -rwxr-xr-x 2 root root 205788 Oct 25 1999 /usr/jail/sbin/ldconfig
(needed to refresh the library links and /etc/ld.so.cache during the
creation and maintenance of the jail; I should remove it now)
1157590 102 -rwxr-xr-x 2 root root 103856 Feb 17 15:50 /usr/jail/usr/bin/strace
(needed to figure out all the weird stuff sshd wants during the
creation and maintenance of the jail; I should remove it now)
602230 115 -rwxr-xr-x 2 root root 117616 Apr 21 20:26 /usr/jail/usr/sbin/sshd
(needed to run sshd)
$ ldd /bin/bash
libncurses.so.5 => /lib/libncurses.so.5 (0x40019000)
libdl.so.2 => /lib/libdl.so.2 (0x40057000)
libc.so.6 => /lib/libc.so.6 (0x4005b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
$ ldd /usr/sbin/sshd
libdl.so.2 => /lib/libdl.so.2 (0x40019000)
libnsl.so.1 => /lib/libnsl.so.1 (0x4001d000)
libz.so.1 => /usr/lib/libz.so.1 (0x40033000)
libutil.so.1 => /lib/libutil.so.1 (0x40042000)
libpam.so.0 => /lib/libpam.so.0 (0x40046000)
libcrypto.so.0 => /usr/lib/libcrypto.so.0 (0x4004e000)
libwrap.so.0 => /lib/libwrap.so.0 (0x400f8000)
libc.so.6 => /lib/libc.so.6 (0x400ff000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x401dc000)
$ ldd /usr/bin/strace
libnsl.so.1 => /lib/libnsl.so.1 (0x40019000)
libc.so.6 => /lib/libc.so.6 (0x4002f000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
Here are the other sixty or so files and directories:
616547 1 drwxr-xr-x 8 root root 1024 May 30 21:06 /usr/jail
616548 1 drwxr-xr-x 2 root root 1024 May 30 21:07 /usr/jail/bin
612545 1 drwxr-xr-x 3 root root 1024 May 30 20:45 /usr/jail/lib
565272 10 -rw-r--r-- 2 root root 9372 Feb 26 13:42 /usr/jail/lib/libdl-2.1.3.so
(need this to run bash or sshd)
565278 228 -rw-r--r-- 2 root root 232780 Jan 26 18:56 /usr/jail/lib/libncurses.so.5.0
(need this to run bash)
612547 1 lrwxrwxrwx 1 root root 17 May 30 20:00 /usr/jail/lib/libncurses.so.5 -> libncurses.so.5.0
(need this to run bash)
612548 1 lrwxrwxrwx 1 root root 14 May 30 20:00 /usr/jail/lib/libdl.so.2 -> libdl-2.1.3.so
612549 1 lrwxrwxrwx 1 root root 13 May 30 20:00 /usr/jail/lib/libc.so.6 -> libc-2.1.3.so
612550 1 lrwxrwxrwx 1 root root 11 May 30 20:00 /usr/jail/lib/ld-linux.so.2 -> ld-2.1.3.so
565274 75 -rw-r--r-- 2 root root 75952 Feb 26 13:42 /usr/jail/lib/libnsl-2.1.3.so
(need this to run sshd and strace)
565269 20 -rw-r--r-- 2 root root 19536 Feb 26 13:42 /usr/jail/lib/libcrypt-2.1.3.so
(needed for sshd)
565258 6 -rw-r--r-- 2 root root 6060 Feb 28 15:21 /usr/jail/lib/libpam_misc.so.0.72
(needed for sshd)
612551 1 lrwxrwxrwx 1 root root 19 May 30 20:17 /usr/jail/lib/libpam_misc.so.0 -> libpam_misc.so.0.72
612552 1 lrwxrwxrwx 1 root root 17 May 30 20:17 /usr/jail/lib/libcrypt.so.1 -> libcrypt-2.1.3.so
(needed for sshd)
612553 1 lrwxrwxrwx 1 root root 15 May 30 20:17 /usr/jail/lib/libnsl.so.1 -> libnsl-2.1.3.so
565256 27 -rw-r--r-- 2 root root 27116 Feb 28 15:21 /usr/jail/lib/libpam.so.0.72
(needed for sshd)
612554 1 lrwxrwxrwx 1 root root 14 May 30 20:18 /usr/jail/lib/libpam.so.0 -> libpam.so.0.72
565346 8 -rw-r--r-- 2 root root 7588 Feb 26 13:42 /usr/jail/lib/libutil-2.1.3.so
(needed for sshd)
565254 23 -rw-r--r-- 2 root root 23008 Feb 11 01:05 /usr/jail/lib/libwrap.so.0.7.6
(needed for sshd)
612555 1 lrwxrwxrwx 1 root root 16 May 30 20:24 /usr/jail/lib/libwrap.so.0 -> libwrap.so.0.7.6
612556 1 lrwxrwxrwx 1 root root 16 May 30 20:24 /usr/jail/lib/libutil.so.1 -> libutil-2.1.3.so
565285 20 -rw-r--r-- 2 root root 19560 Feb 26 13:42 /usr/jail/lib/libnss_db-2.1.3.so
(needed for sshd, I think)
565286 12 -rw-r--r-- 2 root root 11372 Feb 26 13:42 /usr/jail/lib/libnss_dns-2.1.3.so
(needed for sshd, I think)
565287 31 -rw-r--r-- 2 root root 31020 Feb 26 13:42 /usr/jail/lib/libnss_files-2.1.3.so
(needed for sshd, I think)
612557 1 lrwxrwxrwx 1 root root 21 May 30 20:38 /usr/jail/lib/libnss_files.so.2 -> libnss_files-2.1.3.so
612558 1 lrwxrwxrwx 1 root root 19 May 30 20:38 /usr/jail/lib/libnss_dns.so.2 -> libnss_dns-2.1.3.so
612559 1 lrwxrwxrwx 1 root root 18 May 30 20:38 /usr/jail/lib/libnss_db.so.2 -> libnss_db-2.1.3.so
565284 41 -rw-r--r-- 2 root root 41308 Feb 26 13:42 /usr/jail/lib/libnss_compat-2.1.3.so
(needed for sshd, I think)
612560 1 lrwxrwxrwx 1 root root 22 May 30 20:39 /usr/jail/lib/libnss_compat.so.2 -> libnss_compat-2.1.3.so
635085 1 drwxr-xr-x 2 root root 1024 May 30 20:46 /usr/jail/lib/security
(the following files I think are needed for sshd)
1085512 5 -rw-r--r-- 2 root root 4196 Feb 28 15:21 /usr/jail/lib/security/pam_nologin.so
1085517 40 -rw-r--r-- 2 root root 40524 Feb 28 15:21 /usr/jail/lib/security/pam_unix.so
1085496 10 -rw-r--r-- 2 root root 10072 Feb 28 15:21 /usr/jail/lib/security/pam_env.so
1085519 5 -rw-r--r-- 2 root root 4296 Feb 28 15:21 /usr/jail/lib/security/pam_motd.so
1085498 8 -rw-r--r-- 2 root root 7524 Feb 28 15:21 /usr/jail/lib/security/pam_lastlog.so
1085500 9 -rw-r--r-- 2 root root 8428 Feb 28 15:21 /usr/jail/lib/security/pam_mail.so
813066 1 drwxr-xr-x 2 root root 1024 May 30 20:01 /usr/jail/sbin
813067 1 drwxr-xr-x 4 root root 1024 May 30 20:44 /usr/jail/etc
813071 1 -rw-r----- 1 root root 40 May 30 20:43 /usr/jail/etc/shadow
(a shadow of a shadow --- only one user)
813072 1 -rw-r--r-- 1 root root 746 May 30 20:39 /usr/jail/etc/ld.so.cache
(created by ldconfig to aid ld.so)
1054919 1 drwxr-xr-x 2 root root 1024 May 30 20:45 /usr/jail/etc/pam.d
1054926 1 -rw-r--r-- 1 root root 733 May 30 20:45 /usr/jail/etc/pam.d/ssh
(pam policies for ssh)
628941 1 drwxr-xr-x 2 root root 1024 May 30 20:30 /usr/jail/etc/ssh
628942 2 -rw-r--r-- 1 root root 1209 May 30 20:26 /usr/jail/etc/ssh/sshd_config
(required (?) configuration for sshd)
628943 1 -rw------- 1 root root 526 May 30 20:30 /usr/jail/etc/ssh/ssh_host_key
(ssh host key)
628944 1 -rw-r--r-- 1 root root 330 May 30 20:30 /usr/jail/etc/ssh/ssh_host_key.pub
(public key for ssh)
813069 1 -rw-r--r-- 1 root root 465 May 30 20:36 /usr/jail/etc/nsswitch.conf
(I'm not clear whether this directs PAM or something lower-level)
813070 1 -rw-r--r-- 1 root root 102 May 30 20:10 /usr/jail/etc/passwd
(a shadow of a passwd --- one user.)
813068 1 drwxr-xr-x 5 root root 1024 May 30 20:22 /usr/jail/usr
892929 1 drwxr-xr-x 2 root root 1024 May 30 20:24 /usr/jail/usr/lib
763966 54 -rw-r--r-- 2 root root 54512 Oct 30 1999 /usr/jail/usr/lib/libz.so.1.1.3
(needed for sshd)
764416 670 -rw-r--r-- 2 root root 685228 Mar 11 10:33 /usr/jail/usr/lib/libcrypto.so.0.9.4
(needed for sshd)
892930 1 lrwxrwxrwx 1 root root 18 May 30 20:24 /usr/jail/usr/lib/libcrypto.so.0 -> libcrypto.so.0.9.4
892931 1 lrwxrwxrwx 1 root root 13 May 30 20:24 /usr/jail/usr/lib/libz.so.1 -> libz.so.1.1.3
473188 1 drwxr-xr-x 3 root root 1024 May 30 21:05 /usr/jail/dev
473189 0 cr--r--r-- 1 root root 1, 9 May 24 17:53 /usr/jail/dev/urandom
(needed for sshd)
473190 0 crw-rw-rw- 1 root tty 5, 2 May 30 21:06 /usr/jail/dev/ptmx
(needed for sshd+bash to work well; sshd will spawn a shell without it,
but it sucks.)
1 0 drwxr-xr-x 2 root root 0 May 30 21:01 /usr/jail/dev/pts
(ditto. I modified my system devpts-creation script to mount on here.)
473191 0 crw-rw-rw- 1 root tty 5, 0 May 30 21:04 /usr/jail/dev/tty
(bash likes to have this, I think.)
616550 17 -rw-r--r-- 1 root root 16434 May 30 21:06 /usr/jail/jailhist
(this file explains how I made this jail)
The relevant contents of jailhist follow:
501 cd /usr
502 mkdir jail
503 cd jail
504 chroot . bash
505 mkdir bin
506 cp /bin/bash bin
507 ls -l bin
508 chroot . /bin/bash
509 ls
510 chroot .
511 ls bin
512 objdump --full-contents bin/bash | less
513 mkdir lib
514 cp /lib/ld-linux.so.2 lib/
515 chroot .
516 ldd bin/bash
517 cp /lib/libncurses.so.5.0 /lib/libdl.so.2 /lib/libc.so.6 ./lib
518 chroot .
519 man ldconfig
520 type ldconfig
521 ldd /sbin/ldconfig
522 mkdir sbin
523 cp /sbin/ldconfig .
524 mv ldconfig sbin
525 chroot . /sbin/ldconfig
526 mkdir etc
527 mkdir usr
528 mkdir lib
529 chroot . /sbin/ldconfig
530 mkdir usr/lib
531 chroot . /sbin/ldconfig
532 ls -lart
533 ls -l etc
534 cat etc/ld.so.cache
535 ls usr/lib
536 ls lib
537 ls -l lib
538 chroot .
539 ls
540 ls -lR
541 du -h
542 rm bin/bash
543 ln /bin/bash bin
544 ls lib
545 ls -l lib
546 rm lib/*
547 ln /lib/ld-linux.so.2 /lib/libc.so.6 /lib/libdl.so.2 /lib/libncurses.so.5.0 lib/.
548 ls -l /lib/ld-linux.so.2
549 rm lib/*
550 ln /lib/ld-2.1.3.so lib/.
551 ls -l /lib/libc.so.6
552 ln /lib/libc-2.1.3.so lib/.
553 ls -l /lib/libdl.so.2
554 ln /lib/libdl-2.1.3.so lib/.
555 ln /lib/libncurses.so.5.0 lib/.
556 chroot . /sbin/ldconfig
557 ls
558 chroot .
559 chroot . /bin/bash
560 echo /*
561 du -h
562 ls -l bin
563 ls -l lib
564 ls -l sbin
565 rm sbin/ldconfig
566 ln /sbin/ldconfig sbin/.
567 ls
568 ls -l
569 du -h
570 ls usr
571 ls usr/lib
572 ls etc
573 find . -ls
574 apt-get install sshd
575 suspend
576 cd /etc/
577 ls
578 cd init.d
579 ls -lart
580 date
581 ls -ld
582 date
583 vi ssh
584 sh ssh stop
585 vi ssh
586 man chroot
587 chroot /usr/jail
588 %
589 type chroot
590 %
591 sh ssh start
592 suspend
593 less /var/log/messages
594 cd /usr/jail
595 ls etc
596 cp /etc/passwd etc/passwd.new
597 vi etc/passwd.new
598 cp /etc/shadow etc/shadow.new
599 ln /bin/login bin
600 xterm &
601 suspend
602 less /var/log/messages
603 suspend
604 less /var/log/messages
605 suspend
606 mkdir usr/bin
607 ln /usr/bin/strace usr/bin/strace
608 ls -lart
609 chroot . /usr/bin/strace -o fd /bin/login
610 ldd /usr/bin/strace
611 ldd /bin/login
612 ln /lib/libnsl.so.1 lib/.
613 rm lib/libnsl.so.1
614 ls -l /lib/libnsl.so.1
615 ln /lib/libnsl-2.1.3.so lib/.
616 ls -l /lib/libcrypt.so.1
617 ln /lib/libcrypt-2.1.3.so lib/.
618 ls -l /lib/libpam_misc.so.0
619 ln /lib/libpam_misc.so.0.72 lib/.
620 chroot . /usr/sbin/ldconfig
621 ln /usr/sbin/ldconfig usr/sbin
622 ls
623 ls sbin
624 chroot . /sbin/ldconfig
625 chroot . /usr/bin/strace -o fd /bin/login
626 ldd bin/login
627 ls -l /lib/libpam.so.0
628 ln /lib/libpam.so.0.72 lib/.
629 chroot . /sbin/ldconfig
630 chroot . /usr/bin/strace -o fd /bin/login
631 less fd
632 suspend
633 ps auxwww |egrep sshd
634 suspend
635 sh /etc/init.d/ssh start
636 ps auxwww |egrep sshd
637 man sshd
638 cd /
639 chroot /usr/jail /usr/sbin/sshd -d
640 ls /usr/sbin/sshd
641 ln /usr/sbin/sshd /usr/jail/usr/bin/sshd
642 chroot /usr/jail /usr/sbin/sshd -d
643 ls -l /usr/jail/usr/sbin/sshd
644 rm /usr/jail/usr/bin/sshd
645 mkdir /usr/jail/usr/sbin
646 ln /usr/sbin/sshd /usr/jail/usr/sbin/sshd
647 ldd /usr/jail/usr/sbin/sshd
648 ls -l /usr/lib/libz.so.1
649 ln /usr/lib/libz.so.1.1.3 /usr/jail/usr/lib
650 ls -l /lib/libutil.so.1
651 ln /lib/libutil-2.1.3.so /usr/jail/lib
652 ls -l /usr/lib/libcrypto.so.0
653 ln /usr/lib/libcrypto.so.0.9.4 /usr/jail/usr/lib
654 ls -l /lib/libwrap.so.0
655 ln /lib/libwrap.so.0.7.6 /usr/jail/lib
656 chroot /usr/jail /sbin/ldconfig
657 chroot /usr/jail /usr/sbin/sshd -d
658 mkdir /usr/jail/dev
659 (tar cvf - dev/urandom) | (cd /usr/jail; tar xvf -)
660 ls -l /usr/jail/dev/urandom
661 chroot /usr/jail /usr/sbin/sshd -d
662 less /etc/ssh/sshd_config
663 mkdir /usr/jail/etc/ssh
664 cp /etc/ssh/sshd_config /usr/jail/etc/ssh
665 chroot /usr/jail /usr/sbin/sshd -d
666 ls -l /etc/ssh/ssh_host_key
667 man sshd
668 cat /etc/ssh/ssh_host_key
669 1;2c1;2c1;2c1;2c%
670 cat
671 %
672 man ssh-keygen
673 ssh-keygen -l /etc/ssh/ssh_host_key
674 ssh-keygen -l -f /etc/ssh/ssh_host_key
675 ssh-keygen
676 ssh-keygen -f /usr/jail/etc/ssh/ssh_host_key
677 chroot /usr/jail /usr/sbin/sshd -d
678 bg
679 suspen
680 suspend
681 chroot /usr/jail /usr/sbin/strace -o fd /usr/sbin/sshd -d &
682 ls usr
683 ls /usr/jail
684 ls /usr/jail/usr
685 ls /usr/jail/usr/bin
686 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
687 ls
688 ls /usr/jail
689 cat /usr/jail/fd
690 suspend
691 less /usr/jail/fd
692 supsend
693 suspend
694 %
695 ls -l /dev/log
696 date
697 %
698 ls -l /etc/nsswitch.conf
699 cat /etc/nsswitch.conf
700 cp /etc/nsswitch.conf /usr/jail/etc/nsswitch.conf
701 jobs
702 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
703 jobs
704 suspend
705 jobs
706 %3
707 ls /usr/jail/etc/nsswitch.conf
708 cat /usr/jail/etc/nsswitch.conf
709 less /usr/jail/fd
710 ls /lib/libnss_
711 ln /lib/libnss_{db,dns,files}-* /usr/jail/lib/.
712 ls -l /usr/jail/lib/.
713 chroot /usr/jail /sbin/ldconfig
714 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
715 jobs
716 %2
717 suspend
718 less /usr/jail/fd
719 ls -l /usr/jail/lib/libnss*
720 ln /lib/libnss_compat-* /usr/jail/lib/.
721 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
722 kill %3
723 chroot /usr/jail /sbin/ldconfig
724 ls -l /usr/jail/lib/libnss*
725 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
726 history
727 echo $HISTORY
728 set
729 HISTSIZE=10000
730 jobs
731 suspend
732 jbos
733 jobs
734 %2
735 less /usr/jail/fd
736 cd /usr/jail/etc
737 ls
738 cat passwd.new
739 vi shadow.new
740 mv passwd.new passwd
741 mv shadow.new shadow
742 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
743 suspend
744 less ../fd
745 cat /etc/pam.conf
746 ls /etc/pam.d
747 mkdir pam.d
748 cp /etc/pam.d/ssh pam.d/ssh
749 cat pam.d/ssh
750 locate pam_nologin.so
751 ls /lib/security
752 cd ..
753 mkdir lib/security
754 ln /lib/security/pam_{nologin,unix,env,motd,lastlog,mail}.so
755 ln /lib/security/pam_{nologin,unix,env,motd,lastlog,mail}.so lib/security/.
756 jobs
757 %2
758 cat /etc/pam.conf
759 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
760 suspend
761 ok, i got a login, but no tty
762 less fd
763 ls -l /dev/ptmx
764 (cd /; tar cvf - dev/ptmx) | (cd /usr/jail; tar xvf -)
765 jobs
766 history
767 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
768 suspend
769 less fd
770 vi /etc/fstab
771 mount
772 egrep devpts /etc/fstab
773 egrep devpts /etc/init.d/*
774 less /etc/init.d/devpts.sh
775 mkdir dev/pts
776 %
777 cat /etc/default/devpts
778 vi /etc/init.d/devpts.sh
779 cp /etc/init.d/devpts.sh /etc/init.d/devpts.sh.orig
780 %
781 echo $(mount)
782 %
783 echo $(mount | grep -c /dev/pts)
784 %
785 echo $(mount | grep -c /dev/pts || true)
786 %
787 sh /etc/init.d/devpts.sh
788 %
789 jobs
790 vi /etc/init.d/devpts.sh
791 sh /etc/init.d/devpts.sh
792 %
793 vi /etc/init.d/devpts.sh
794 sh /etc/init.d/devpts.sh
795 vi /etc/init.d/devpts.sh
796 sh /etc/init.d/devpts.sh
797 mount
798 %
799 vi /etc/init.d/devpts.sh
800 sh /etc/init.d/devpts.sh
801 sh /etc/init.d/devpts.sh
802 %
803 vi /etc/init.d/devpts.sh
804 mount
805 ls -l /usr/jail/dev/pts
806 ls -l /dev/pts
807 w
808 jobs
809 chroot /usr/jail /usr/bin/strace -o fd /usr/sbin/sshd -d &
810 jobs
811 suspend
812 sh /etc/init.d/ssh start
813 suspend
814 (cd /; tar cvf - /dev/tty) | (cd /usr/jail; tar xvf -)
815 ls -l dev
816 find . -print
817 find . -print | wc
818 suspend
819 ls
820 rm fd
821 history > jailhist
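The dependency hunt recorded in the history above (ldd, ls -l to find the real file behind each symlink, then ln), written as a script. This is an added example, not part of the original post; the function names are its own, and it copies files rather than hard-linking them so the jail shares no inodes with the host.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.

# ldd_paths: read `ldd` output on stdin, print each absolute library path once.
# Exits non-zero if any dependency is reported as "not found".
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 | "cat 1>&2"; bad = 1; next }
        { p = "" }
        $2 == "=>" && $3 ~ /^\// { p = $3 }   # libc.so.6 => /lib/libc.so.6 (0x...)
        $2 != "=>" && $1 ~ /^\// { p = $1 }   # /lib64/ld-linux-x86-64.so.2 (0x...)
        p != "" && !seen[p]++    { print p }
        END { exit bad + 0 }
    '
}

# jail_add JAIL FILE: copy FILE into JAIL at the same path. If FILE is a
# symlink (libc.so.6 -> libc-2.1.3.so), copy the real file and recreate the
# link; its absolute target resolves inside the jail once chroot is in effect.
jail_add() {
    j=$1 src=$2
    real=$(readlink -f "$src") && [ -f "$real" ] || {
        echo "jail_add: cannot resolve $src" >&2; return 1; }
    mkdir -p "$j$(dirname "$real")" "$j$(dirname "$src")"
    cp -p "$real" "$j$real"            # a copy, so no inode is shared with the host
    [ "$real" = "$src" ] || ln -sf "$real" "$j$src"
}

# jail_populate JAIL BINARY...: install each binary plus everything ldd lists.
# ldd runs the dynamic loader on its argument, so use it only on binaries
# that are already trusted. Library paths are assumed to contain no spaces.
jail_populate() {
    root=$1; shift
    for bin in "$@"; do
        libs=$(ldd "$bin" | ldd_paths) || {
            echo "jail_populate: $bin has unresolved libraries" >&2; return 1; }
        for f in "$bin" $libs; do
            jail_add "$root" "$f" || return 1
        done
    done
}

# Run as root, e.g.: sh jail_populate.sh /usr/jail /bin/bash /usr/sbin/sshd
[ "$#" -lt 2 ] || jail_populate "$@"
```

ldd lists only link-time dependencies; the libnss_* and pam_* modules in the listing above are loaded at run time, which is why the history falls back on strace to find them.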
The new contents of /etc/init.d/devpts.sh follow. They may be helpful
if you're trying to do this same thing on a Debianish system; otherwise
probably not. I haven't yet tested this by rebooting; it may be that I
will discover that I have broken /dev/pts mounting.
#! /bin/sh
set -e
. /etc/default/devpts
[ "$(uname -s)" = "Linux" ] || exit 0
# modified to work from arbitrary roots by Kragen Sitaker ---- 2000-05-29
# Each function takes an optional root directory as $1; with no argument
# it acts on the real /dev.
make_devptmx()
{
    [ -c "$1"/dev/ptmx ] || mknod --mode=666 "$1"/dev/ptmx c 5 2
}
make_devpts()
{
    [ -d "$1"/dev/pts ] || mkdir --mode=755 "$1"/dev/pts
}
mount_devpts_fs()
{
    mount -t devpts devpts "$1"/dev/pts -ogid=${TTYGRP},mode=${TTYMODE}
}
do_devpts_stuff()
{
    make_devptmx "$@"
    make_devpts "$@"
    # Count devpts mounts already present at this root; "|| true" keeps
    # set -e from aborting the script when grep finds none.
    devpts_mounted=$(mount | grep -c "^devpts on $1/dev/pts" || true)
    if [ "$devpts_mounted" -lt 1 ]
    then
        # echo "trying to mount in $1/dev/pts; devpts_mounted $devpts_mounted"
        mount_devpts_fs "$@"
    else
        # echo "not trying to mount in $1/dev/pts"
        :   # no-op; a branch containing only a comment is a shell syntax error
    fi
}
devfs=$(grep -c '\<devfs' /proc/filesystems || true)
devpts=$(grep -c '\<devpts' /proc/filesystems || true)
release=$(uname -r)
major_release=${release%.*}
if [ "$devfs" -eq 1 ]; then
    solution=devfs
elif [ "$devpts" -eq 1 ]; then
    solution=devpts
else
    solution=none
fi
case ${major_release} in
    2.[23456789] | 3.*)
        # Have
        case $solution in
            devfs|none)
                :
                ;;
            devpts)
                # once for the real root, once for the jail
                do_devpts_stuff
                do_devpts_stuff /usr/jail
                ;;
        esac
        ;;
    *)
        ;;
esac