Re: [Jailkit-users] jk

jailkit-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] jk_remove

From:	Olivier Sessink
Subject:	Re: [Jailkit-users] jk_remove
Date:	Sat, 15 Aug 2020 07:29:34 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

On 12-08-2020 16:51, Yassine Chaouche wrote:

Dear list,

Sometimes, you would like to add a few binaries to your jail in order to debug it from the inside (for example, a cron job that doesn't work well, a php script that isn't working from the jail etc.), this can include such tools as the mysql client, strace and similar tools. When you finish your troubleshooting, it would be nice to have a jk command that would remove only those file that were added and weren't there before issuing the jk_init (or jk_cp).

I thought about adding the necessary sections in the jailkit_init.ini file, then calling jk_init on the jail and capturing its output to a temporary file. For example, lets alter the following jail by deleting part of the /usr/share/zoneinfo directory tree, then call jk_init on it again to recreate the missing files and symlinks and keep track of them

root#admin 15:20:27 ~ # rm -rf /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/root#admin 15:20:30 ~ # jk_init -j /var/www/clients/client1/web5/ php > /tmp/jkinit-phpsh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)/bin/sh: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)root#admin 15:20:45 ~ # grep ^Creating /tmp/jkinit-php > /tmp/jkinit-php-linksroot#admin 15:20:57 ~ # grep ^Copying /tmp/jkinit-php > /tmp/jkinit-php-copiesroot#admin 15:21:02 ~ # wc -l /tmp/jkinit-php-copies18 /tmp/copiesroot#admin 15:21:09 ~ # wc -l /tmp/jkinit-php-links36 /tmp/linksroot#admin 15:21:12 ~ #

We have 18 files copied and 36 symlinks created.

A jk_remove script would simply remove any file in /tmp/copies and unlink any link found in /tmp/links (a couple sed commands would allow to extract only the desired PATH)

command grep Copying /tmp/jkinitphp | sed "s/^Copying.* to //;" > /tmp/jkinit-php-copies

command grep Creating /tmp/jkinitphp | sed "s/^Creating.* to //;" >/tmp/jkinit-php-links

root#admin 15:49:31 ~ # while read link; do echo unlink $link; done < /tmp/jkinit-php-links

unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kinshasa unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Luanda unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Nairobi unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bujumbura unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Porto-Novo unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Nouakchott unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Timbuktu unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bamako unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Libreville unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Mogadishu unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kampala unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Banjul unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Dakar unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Douala unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lagos unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Djibouti unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Tripoli unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lome unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Freetown unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Maseru unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lusaka unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Dar_es_Salaam unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Mbabane unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Maputo unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ouagadougou unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Niamey unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Conakry unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Lubumbashi unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Asmara unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Asmera unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Harare unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Malabo unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Brazzaville unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Cairo unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Gaborone unlink /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Kigali root#admin 15:49:54 ~ # while read file; do echo rm $file; done < /tmp/jkinit-php-copies rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bissau rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Bangui rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/El_Aaiun rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Addis_Ababa rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Juba rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ceuta rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Blantyre rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Johannesburg rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Abidjan rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Accra rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Khartoum rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Monrovia rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Algiers rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Ndjamena rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Sao_Tome rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Casablanca rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Tunis rm /var/www/clients/client1/web5/usr/share/zoneinfo/Africa/Windhoek root#admin 15:50:47 ~ #

Thoughts ?

yes that could be done. The reson that I didn't create the script is because of dependencies. Suppose you install two binaries, foo and bar.

foo has a dependency on libsomething.so and installs it

bar has has a dependency on libsomething.so but it's already there

now you remove foo --> your script would remove libsomething.so as well, and bar will no longer work.

this can be fixed too if you keep track of all dependencies, but that would require all jailkit scripts to start using a sort of database to keep track of dependencies. And if you would manually copy a file to a jail that database would no longer be valid... I didn't want to go that path.

Olivier

-- 
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/

[Prev in Thread]

Current Thread

[Next in Thread]

[Jailkit-users] jk_remove, Yassine Chaouche, 2020/08/12
- Re: [Jailkit-users] jk_remove, Olivier Sessink <=

Prev by Date: [Jailkit-users] jk_remove
Previous by thread: [Jailkit-users] jk_remove
Index(es):
- Date
- Thread