Issue
During CageFS package installation or update, all users with jailshell enabled will have it changed to regular /bin/bash in /etc/passwd. What is the reason for this change?
Environment
- CloudLinux OS
- CageFS
Solution
This is done to avoid possible conflict with virtfs when non-cagefs user enters virtfs, jailshell copies all mountpoints from cagefs-skeleton to /home/virtfs/$USER. Those mountpoints are duplicated for each user (approx 54 mount point per user).
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/opt/alt ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0 /dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0 /dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib64 ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0 /dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/include ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0 /dev/sda1 /home/virtfs/korvin/usr/local/cpanel/3rdparty/mailman/logs ext4 rw,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0 /proc/bus/usb /home/virtfs/korvin/usr/share/cagefs-skeleton/proc/bus/usb usbfs ro,nosuid,relatime 0 0
This could result in a really large number of mountpoints which could lead to slow system performance. It is secure to provide bash access to users as long as you have CageFS enabled.
Comments
0 comments
Please sign in to leave a comment.