Jailkit error when using on CentOS8.2

Hi I am migrating to CentOS 8.2 and when trying to enable chroot jail in the edit owner limits I recieve the below error. I am using
|Webmin version|1.955|

Usermin version 1.803
Virtualmin version 6.12 Pro

looking for some advice please


Failed to save owner limits : Failed to enable chroot jail : Chroot jail is not enabled for this domain

Operating system CentOS Linux 8.2.2004
Perl version 5.026003
Path to Perl /usr/bin/perl
BIND version 9.11
Postfix version 3.3.1
Mail injection command /usr/lib/sendmail -t
Apache version 2.4.37
PHP versions 7.2.24
Webalizer version 2.23-08
Logrotate version 3.14.0
MySQL version 10.3.17
ProFTPD version 1.36
SpamAssassin version 3.4.2
ClamAV version 0.102.4

Just got a new error

Setting up chroot jail …
… jail failed : Failed to initialize jail : ERROR: cannot lstat() /home/chroot/159947815626271 Traceback (most recent call last): File “/sbin/jk_init”, line 261, in main() File “/sbin/jk_init”, line 258, in main activateConfig(config, jail, args) File “/sbin/jk_init”, line 164, in activateConfig cfg.read([config[‘file’]]) File “/usr/lib64/python3.6/configparser.py”, line 697, in read self._read(fp, filename) File “/usr/lib64/python3.6/configparser.py”, line 1092, in _read fpname, lineno) configparser.DuplicateOptionError: While reading from ‘/etc/jailkit/jk_init.ini’ [line 118]: option ‘includesections’ in section ‘openvpn’ already exists

It looks like there is something bogus in the jk_init.ini, and the parser can’t work with it. If you want to post that file, it may be something obvious (looks like a duplicated option or section).

We can probably fix it to handle that sort of error better, but it’s not common…I’ve never seen this particular error before, I don’t think. Likely unique to your system.

And, that may just be because Virtualmin tried to setup jailkit twice and failed…maybe it did the duplicating. So, root cause may be further back in time.

Hi Joe,
I am using a fresh Centos 8.2 minimal install, this has been the first install for me in the last 12 years that’s had issues
Install on CentOS8.2
Issue 1:

Systemd service clamd@scan cannot be created unless a command is given

dnf -y install clamav-data.noarch
systemctl enable --now clamd@scan

Issue 2:
DBI connect failed : Access denied for user ‘root’@‘localhost’ (using password: NO)
the passowrd was set

Fix: step back and move forward again inthe wizard and it then works

Below is the jk_init.ini file.
I removed the openvpn and appeared to partially work for empty sites

# this section probably needs adjustment on 64bit systems
# or non-Linux systems
comment = common files for all jails that need user/group information
paths = /lib/libnsl.so.1, /lib64/libnsl.so.1, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.1, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.1, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.1, /etc/nsswitch.conf, /etc/ld.so.conf
# Solaris needs 
# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf

comment = common files for all jails that need any internet connectivity
paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure

comment = timezone information and log sockets
paths = /etc/localtime
need_logsocket = 1
# Solaris does not need logsocket
# but needs 
# devices = /dev/log, /dev/conslog

comment = Jailkit limited shell
paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
users = root
groups = root
includesections = uidbasics, logbasics

comment = alias for jk_lsh
includesections = jk_lsh

comment = Concurrent Versions System
paths = cvs
devices = /dev/null

comment = Fast Version Control System
paths = /usr/bin/git*, /usr/lib/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
includesections = editors, perl

comment = ssh secure copy
paths = scp
includesections = netbasics, uidbasics
devices = /dev/urandom

comment = ssh secure ftp
paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/null
# on solaris 
#paths = /usr/lib/ssh/sftp-server

comment = ssh secure shell
paths = ssh
includesections = netbasics, uidbasics
devices = /dev/urandom, /dev/tty, /dev/null

paths = rsync
includesections = netbasics, uidbasics

comment = procmail mail delivery
paths = procmail, /bin/sh
devices = /dev/null

comment = bash based shell with several basic utilities
paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
users = root
groups = root
includesections = uidbasics

comment = Midnight Commander
paths = mc, mcedit, mcview, /usr/share/mc
includesections = basicshell, terminfo

comment = bash shell including things like awk, bzip, tail, less
paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
includesections = basicshell, midnightcommander, editors

comment = terminfo databases, required for example for ncurses or vim 
paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo

comment = vim, joe and nano
includesections = terminfo
paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim

comment = several internet utilities like wget, ftp, rsync, scp, ssh
paths = wget, lynx, ftp, host, rsync, smbclient
includesections = netbasics, ssh, sftp, scp

comment = htpasswd utility
paths = htpasswd

comment = alias for extendedshell + netutils + apacheutils
includesections = extendedshell, netutils, apacheutils

comment = jail for the openvpn daemon
paths = /usr/sbin/openvpn
users = root,nobody
groups = root,nogroup
includesections = netbasics
devices = /dev/urandom, /dev/random, /dev/net/tun
includesections = netbasics, uidbasics
need_logsocket = 1

comment = the apache webserver, very basic setup, probably too limited for you
paths = /usr/sbin/apache
users = root, www-data
groups = root, www-data
includesections = netbasics, uidbasics

comment = the perl interpreter and libraries
paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5

comment = getting X authentication to work
paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf

comment = minimal files for X clients
paths = /usr/X11R6/lib/X11/rgb.txt
includesections = xauth

comment = the VNC server program
paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
includesections = xclients

comment = Ping program
paths_w_setuid = /bin/ping

#comment = xterm
#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4

comment = modules and config files for PHP
paths = /usr/bin/php /etc/php.ini /etc/php.d /usr/lib64/php


There was a bug in Jailkit library, which is fixed now. Making changes that are pointed out on the commit, and restarting Webmin, will fix this issue for you.

thanks for that, super helpful :slight_smile:
Ill make thise changes

1 Like

This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.