How to login to my jail from host itself (normal user)
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun Nov 13 13:04:50 UTC 2011
On 13/11/2011 12:31, Peter Vereshagin wrote:
> I'd find it obvious to try to launch getty by means of jexec by setting the command in /etc/ttys?
>
> Something like that:
>
> ttyv0 "/usr/sbin/jexec `cat /var/run/some_jail.id` /usr/libexec/getty Pc" cons25 on secure
>
That might work. Needs testing though -- when someone logs in does init
in the host system recognize that the jailed login has taken over the
vty from the jail? Or does it just keep spawning new getty processes?
Let's see...
lucid-nonsense:/etc:# diff -u ttys.save ttys
--- ttys.save 2011-11-13 12:49:28.868350588 +0000
+++ ttys 2011-11-13 12:50:10.609176357 +0000
@@ -38,7 +38,7 @@
ttyv4 "/usr/libexec/getty Pc" cons25 on secure
ttyv5 "/usr/libexec/getty Pc" cons25 on secure
ttyv6 "/usr/libexec/getty Pc" cons25 on secure
-ttyv7 "/usr/libexec/getty Pc" cons25 on secure
+ttyv7 "/usr/sbin/jexec 1 /usr/libexec/getty Pc" cons25 on secure
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
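Review bot: the added ttyv7 line hard-codes the jail as the bare numeric ID in "jexec 1", and nothing in the entry or around it records which jail that is meant to be. Put a comment above the entry naming the intended jail, and re-check that ID 1 still refers to it whenever the jail is restarted, because the entry keeps "on secure" and init will keep respawning a getty into whatever jail holds that ID.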
lucid-nonsense:/etc:# kill -HUP 1
lucid-nonsense:/etc:# jexec 1 ps -ax | grep getty
22182 v7 Is+J 0:00.01 /usr/libexec/getty Pc ttyv7
Looking good so far...
<fx> Wanders into the other room and logs in on the console -- vty7,
which identifies itself as the jail.
lucid-nonsense:/etc:# ps -auxwww | grep v7
root 22182 0.0 0.0 21700 1676 v7 IsJ 12:50PM 0:00.06 login [pam] (login)
matthew 22293 0.0 0.0 10312 2524 v7 IJ 12:53PM 0:00.07 -tcsh (tcsh)
matthew 22299 0.0 0.0 9372 1668 v7 S+J 12:53PM 0:00.11 top
root 22362 0.0 0.0 9124 1192 1 S+ 12:56PM 0:00.00 grep v7
Seems to work nicely. Now, does logout work properly?
<fx>Logs out of the jail
lucid-nonsense:/etc:# ps -auxwww | grep v7
root 22390 0.0 0.0 6916 1028 v7 Is+J 12:59PM 0:00.01 /usr/libexec/getty Pc ttyv7
Yep. All works nicely. That's really cool.
Definitely needs care to make sure the jail ID matches up to the
intended jail. Using mm at freebsd.org's updated jail init stuff from the
sysutils/jailrc port and enabling persistent jails is probably the way to
go there.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
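Added example, not part of the original message and not the poster's code: one way to check that every enabled ttys entry using "jexec <jid>" still points at the jail intended for that terminal. The function name check_jexec_ttys, the "<tty> <jail>" policy file and the jail names www, mail and db are assumptions made up for this sketch; the second input is saved output of `jls jid name`.

```shell
#!/bin/sh
# Added example, not from the original post. Checks each enabled ttys(5)
# entry that starts its getty through "jexec <jail> ..." against the jail
# that is supposed to own that terminal.
#   $1 ttys file   $2 saved output of `jls jid name`   $3 "<tty> <jail>" policy
# The policy file and its format are assumptions made for this example.
check_jexec_ttys() {
    awk '
        # running: jid -> jail name (a jail name also maps to itself)
        FILENAME == ARGV[1] { running[$1] = $2; running[$2] = $2; next }
        FILENAME == ARGV[2] { want[$1] = $2; next }      # tty -> intended jail
        /^[ \t]*#/ || !match($0, /"[^"]*"/) { next }     # comment or no command
        {
            tty = $1
            cmd = substr($0, RSTART + 1, RLENGTH - 2)    # text inside the quotes
            split(substr($0, RSTART + RLENGTH), rest)    # type, status, flags
            split(cmd, w)
            if (w[1] !~ /(^|\/)jexec$/ || rest[2] != "on") next
            jid = w[2]                # assumes the form: jexec <jail> <command>
            if (!(jid in running))              verdict = "STALE"
            else if (!(tty in want))            verdict = "UNLISTED"
            else if (running[jid] != want[tty]) verdict = "MISMATCH"
            else                                verdict = "OK"
            if (verdict != "OK") bad = 1
            print tty, verdict, "jid=" jid, "now=" (jid in running ? running[jid] : "-")
        }
        END { exit bad + 0 }
    ' "$2" "$3" "$1"
}

# Constructed sample data: ttyv7 was set up for jail "www", but after a
# restart JID 1 belongs to jail "mail". ttyv9 is off and is not reported.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'ttyv6 "/usr/libexec/getty Pc" cons25 on secure' \
        'ttyv7 "/usr/sbin/jexec 1 /usr/libexec/getty Pc" cons25 on secure' \
        'ttyv8 "/usr/sbin/jexec 3 /usr/libexec/getty Pc" cons25 on secure' \
        'ttyv9 "/usr/sbin/jexec 9 /usr/libexec/getty Pc" cons25 off secure' > "$d/ttys"
    printf '%s\n' '1 mail' '3 db' > "$d/jls"
    printf '%s\n' 'ttyv7 www' 'ttyv8 db' > "$d/policy"
    check_jexec_ttys "$d/ttys" "$d/jls" "$d/policy"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "at least one jexec entry needs attention"
```

On a live host the second argument would be a file produced by running `jls jid name` just before the check.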