Jailkit error when using on CentOS8.2

Hi, I am migrating to CentOS 8.2 and when trying to enable chroot jail in the edit owner limits I receive the below error. I am using

Webmin version 1.955
Usermin version 1.803
Virtualmin version 6.12 Pro

looking for some advice please

Error

Failed to save owner limits : Failed to enable chroot jail : Chroot jail is not enabled for this domain

Operating system CentOS Linux 8.2.2004
Perl version 5.026003
Path to Perl /usr/bin/perl
BIND version 9.11
Postfix version 3.3.1
Mail injection command /usr/lib/sendmail -t
Apache version 2.4.37
PHP versions 7.2.24
Webalizer version 2.23-08
Logrotate version 3.14.0
MySQL version 10.3.17
ProFTPD version 1.36
SpamAssassin version 3.4.2
ClamAV version 0.102.4

Just got a new error

Setting up chroot jail …
… jail failed : Failed to initialize jail : ERROR: cannot lstat() /home/chroot/159947815626271
Traceback (most recent call last):
  File "/sbin/jk_init", line 261, in <module>
    main()
  File "/sbin/jk_init", line 258, in main
    activateConfig(config, jail, args)
  File "/sbin/jk_init", line 164, in activateConfig
    cfg.read([config['file']])
  File "/usr/lib64/python3.6/configparser.py", line 697, in read
    self._read(fp, filename)
  File "/usr/lib64/python3.6/configparser.py", line 1092, in _read
    fpname, lineno)
configparser.DuplicateOptionError: While reading from '/etc/jailkit/jk_init.ini' [line 118]: option 'includesections' in section 'openvpn' already exists

It looks like there is something bogus in the jk_init.ini, and the parser can’t work with it. If you want to post that file, it may be something obvious (looks like a duplicated option or section).

We can probably fix it to handle that sort of error better, but it’s not common…I’ve never seen this particular error before, I don’t think. Likely unique to your system.

And, that may just be because Virtualmin tried to set up jailkit twice and failed…maybe it did the duplicating. So, root cause may be further back in time.

Hi Joe,
I am using a fresh CentOS 8.2 minimal install; this has been the first install for me in the last 12 years that’s had issues.
Install on CentOS8.2
Issue 1:

Systemd service clamd@scan cannot be created unless a command is given

Fix:
dnf -y install clamav-data.noarch
systemctl enable --now clamd@scan

Issue 2:
DBI connect failed : Access denied for user ‘root’@‘localhost’ (using password: NO)
The password was set.

Fix: step back and move forward again in the wizard and it then works

Below is the jk_init.ini file.
I removed the openvpn and it appeared to partially work for empty sites.

[uidbasics]
# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.1, /etc/nsswitch.conf, /etc/ld.so.conf
# Solaris needs 
# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf

[netbasics]
comment = common files for all jails that need any internet connectivity
paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure

[logbasics]
comment = timezone information and log sockets
paths = /etc/localtime
need_logsocket = 1
# Solaris does not need logsocket
# but needs 
# devices = /dev/log, /dev/conslog

[jk_lsh]
comment = Jailkit limited shell
paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users = root
groups = root
includesections = uidbasics, logbasics

[limitedshell]
comment = alias for jk_lsh
includesections = jk_lsh

[cvs]
comment = Concurrent Versions System
paths = cvs
devices = /dev/null

[git]
comment = Fast Version Control System
paths = /usr/bin/git*, /usr/lib/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
includesections = editors, perl

[scp]
comment = ssh secure copy
paths = scp
includesections = netbasics, uidbasics
devices = /dev/urandom

[sftp]
comment = ssh secure ftp
paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
# on solaris 
#paths = /usr/lib/ssh/sftp-server

[ssh]
comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null

[rsync]
paths = rsync
includesections = netbasics, uidbasics

[procmail]
comment = procmail mail delivery
paths = procmail, /bin/sh
devices = /dev/null

[basicshell]
comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics

[midnightcommander]
comment = Midnight Commander
paths = mc, mcedit, mcview, /usr/share/mc
includesections = basicshell, terminfo

[extendedshell]
comment = bash shell including things like awk, bzip, tail, less
paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections = basicshell, midnightcommander, editors

[terminfo]
comment = terminfo databases, required for example for ncurses or vim 
paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo

[editors]
comment = vim, joe and nano
includesections = terminfo
paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim

[netutils]
comment = several internet utilities like wget, ftp, rsync, scp, ssh
paths = wget, lynx, ftp, host, rsync, smbclient
includesections = netbasics, ssh, sftp, scp

[apacheutils]
comment = htpasswd utility
paths = htpasswd

[extshellplusnet]
comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

[openvpn]
comment = jail for the openvpn daemon
paths = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
includesections = netbasics
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1

[apache]
comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

[perl]
comment = the perl interpreter and libraries
paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

[xauth]
comment = getting X authentication to work
paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

[xclients]
comment = minimal files for X clients
paths = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

[vncserver]
comment = the VNC server program
paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections = xclients

[ping]
comment = Ping program
paths_w_setuid = /bin/ping

#[xterm]
#comment = xterm
#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

[php]
comment = modules and config files for PHP
paths = /usr/bin/php /etc/php.ini /etc/php.d /usr/lib64/php
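
A way to list every repeated option or section header in a jk_init.ini with its line numbers, instead of stopping at the first one as the strict parser in the traceback does. This is an added example, not code from Jailkit, Virtualmin or the posters; `find_duplicates` and `strict_parse_fails` are hypothetical helper names, and the sample is a constructed excerpt of the [openvpn] section above.

```python
import configparser
import re

# Constructed sample: a trimmed copy of the [openvpn] section posted above.
SAMPLE = """\
[ssh]
includesections = netbasics, uidbasics

[openvpn]
paths = /usr/sbin/openvpn
includesections = netbasics
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
"""

SECTION_RE = re.compile(r"^\[([^\]]+)\]")
OPTION_RE = re.compile(r"^([^=:\s][^=:]*?)\s*[=:]")


def find_duplicates(text):
    """Return (section, option, first_line, repeat_line); option is None for a repeated header."""
    findings, seen, current = [], {}, None
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line[0].isspace() or line.startswith(("#", ";")):
            continue  # blank line, continuation of a value, or comment
        header = SECTION_RE.match(line)
        option = OPTION_RE.match(line)
        if header:
            current = header.group(1)
            key = (current, None)
        elif option and current is not None:
            key = (current, option.group(1).lower())  # configparser lowercases keys
        else:
            continue
        if key in seen:
            findings.append((*key, seen[key], lineno))
        else:
            seen[key] = lineno
    return findings


def strict_parse_fails(text):
    """True if configparser's default strict mode rejects the text."""
    try:
        configparser.ConfigParser().read_string(text)
    except (configparser.DuplicateOptionError, configparser.DuplicateSectionError):
        return True
    return False
```

To check the real file, pass the contents of /etc/jailkit/jk_init.ini to `find_duplicates`; an empty list means the strict parser will not raise a duplicate error.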

Hi,

There was a bug in Jailkit library, which is fixed now. Making changes that are pointed out on the commit, and restarting Webmin, will fix this issue for you.

Thanks for that, super helpful :)
I'll make these changes
