Why CageFS installation changes jailshell to regular bash on cPanel?

During CageFS package installation or update, all users with jailshell enabled will have it changed to regular /bin/bash in /etc/passwd .

This is done to avoid possible conflict with virtfs when non-cagefs user enters virtfs, jailshell copies all mountpoints from cagefs-skeleton to /home/virtfs/$USER. Those mountpoints are duplicated for each user (approx 54 mount point per user).

/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/opt/alt ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib64 ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/include ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0
/dev/sda1 /home/virtfs/korvin/usr/local/cpanel/3rdparty/mailman/logs ext4 rw,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user 0 0
/proc/bus/usb /home/virtfs/korvin/usr/share/cagefs-skeleton/proc/bus/usb usbfs ro,nosuid,relatime 0 0

This could result in a really large number of mountpoints which could lead to slow system performance. It is secure to provide bash access to users as long as you have CageFS enabled.