Jailshell prevents 'crontab' with dedicated /var partition

kristian

At least I *think* the dedicated /var partition is the reason why this fails:

Code:
$ crontab -l
/var/spool/cron: No such file or directory

I think maybe it fails due to this line in /usr/bin/jailshell (v0.11)..

Code:
      --dir                                        /var \

..instead of e.g. a --bind-try for /var? I suspect this current jailshell script works fine on servers without a dedicated /var, because of --remount-ro / in the script. There are reasons for maybe not exposing the entire /var partition, but I tried to add just the single file like this:

Code:
      --dir                                        /var \
      --bind-try     /var/lib/mysql/mysql.sock     /var/lib/mysql/mysql.sock \
      --bind-try     /var/spool/cron/crontabs/${USER} /var/spool/cron/crontabs/${USER} \   # <- Added this line
      --symlink      ../tmp                        /var/tmp \

However, this doesn't work; when trying to get a shell I get this error:

Code:
# su - myuser
bwrap: Can't find source path /var/spool/cron/crontabs/myuser: Permission denied

I tried adding the crontab group to the jailshell's /etc/group file as well, but the same error message persists.

Anyone have any ideas on how to resolve this?
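
A "Permission denied" on a path lookup is what the kernel returns when a directory on the way to the target lacks search (x) permission for the caller. The following is an added example, not part of the original post or of jailshell: it walks the directories leading to a bind source and reports the first one a given UID/GID set cannot traverse. The function names, the optional ROOT argument and the mode 1730 sample tree are assumptions made for illustration; GNU `stat` is assumed.

```shell
#!/bin/sh
# first_blocked_dir UID "GID ..." PATH [ROOT]   (hypothetical helper)
# Walks the directories leading to PATH (below ROOT, default /) and prints the
# first one on which UID, holding the listed GIDs, has no search (x) bit.
# Only classic mode bits are evaluated: no ACLs, no LSM policy, no root bypass.
first_blocked_dir() {
    fb_uid=$1 fb_gids=" $2 " fb_rest=${3#/} fb_dir=${4:-/}
    while :; do
        fb_stat=$(stat -c '%a %u %g' -- "$fb_dir") || return 2
        set -- $fb_stat                  # $1=octal mode  $2=owner uid  $3=group gid
        fb_mode=$((0$1))                 # leading 0 makes the shell read it as octal
        if [ "$fb_uid" = "$2" ]; then
            fb_x=$((fb_mode & 0100))     # owner class decides
        else
            case $fb_gids in
                *" $3 "*) fb_x=$((fb_mode & 0010)) ;;   # group class decides
                *)        fb_x=$((fb_mode & 0001)) ;;   # other class decides
            esac
        fi
        if [ "$fb_x" -eq 0 ]; then
            echo "$fb_dir"               # first directory that cannot be traversed
            return 1
        fi
        case $fb_rest in */*) ;; *) return 0 ;; esac    # only the final name is left
        fb_dir=${fb_dir%/}/${fb_rest%%/*}
        fb_rest=${fb_rest#*/}
    done
}

# Constructed sample tree: a spool directory with mode 1730, so only its owner
# and members of its group can traverse it (assumed layout, not the poster's server).
make_sample_tree() {
    st_root=$(mktemp -d) || return 2
    mkdir -p "$st_root/var/spool/cron/crontabs"
    : > "$st_root/var/spool/cron/crontabs/myuser"
    chmod -R 755 "$st_root"
    chmod 1730 "$st_root/var/spool/cron/crontabs"
    echo "$st_root"
}
```

On a real host, `first_blocked_dir "$(id -u myuser)" "$(id -G myuser)" /var/spool/cron/crontabs/myuser` checks the path from the error message against that user's actual IDs.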
 