jailbash


Chroots for users suck! They are work to maintain, and all in all you have to do a lot of nasty hacks to get them going! In the meantime, AppArmor has made it into the mainline kernel. It is pretty simple to write rules for it, and you can easily update them with tools like 'logprof'.

Here is a small howto to trap users in their home directory with a simple AppArmor profile. First you need to compile the following C code:

    #include <unistd.h>

    /* Thin wrapper: replace this process with /bin/bash, passing the arguments through. */
    int main(int argc, char *argv[])
    {
        /* execv() only returns (with -1) if /bin/bash could not be executed. */
        return execv("/bin/bash", argv);
    }

Build it with:

    gcc -o jailbash jailbash.c

Then move the binary to /bin. The next step is to create an AppArmor profile for the jailbash. So create the file /etc/apparmor.d/bin.jailbash…