Jailkit issue while logging in via ssh

Hi all

OS centos 8 stream
Webmin latest, since it was installed 1 week ago.

We are using the nginx bundle, latest webmin version, and no significant changes (almost clean install).
When jailing a user we are getting this in /var/log/messages:

abort, failed to set additional groups: operation not permitted

Verified /etc/passwd and /etc/group and all looks fine.
Couldn't find any info about this issue to help me sort it out.

Does anyone face this?

Regards

You really need to include your OS and version when asking a question like this.

Hi Joe

True, sorry.
Updated question

OS centos 8 stream
Webmin latest, since it was installed 1 week ago.

Regards

This seems like a capabilities issue, but I’m pretty sure our Jailkit package sets capabilities right.

Is it possible you’ve got SELinux enabled?

It is disabled. It is probably the first thing I do when setting things up, even before installing virtualmin.
But I verified and it is disabled.

I looked at all generated files, all permissions look normal to be… Content of /etc/groups, /etc/passwd all fine.

Will continue digging into this.

I have spent some time today working on this.
Ended up getting the jail working on centos8 by removing jailkit 2.21 installed from the repo, and manually installing 2.22 from the jailkit site.

Set up the jk_init.ini again with all my needs and it is working fine.

For centos8 it was something like this (in case someone needs it):

dnf -y remove jailkit
cd /root
wget https://olivier.sessink.nl/jailkit/jailkit-2.22.tar.gz
gunzip jailkit-2.22.tar.gz
tar --extract --file jailkit-2.22.tar
cd jailkit-2.22
ln --symbolic /usr/bin/python3 /usr/bin/python;
./configure
make install

and then the virtualmin commands:
virtualmin modify-domain --domain DOMAIN --enable-jail

Thank you Joe for your replies.
Regards Bruno

I never recommend from-source installs on production servers.

But, if an update fixes it, I can update our package when I get some free time.

Unfortunately I agree, but I installed a perfectly clean virtualmin on centos7 and another on centos8 this morning, and jailed a test virtualserver on both.
Result: works on centos7 and does NOT work on centos8 (same permission issue).

After checking the jailkit source code, my error happens when looping through different groups.
Then compared both /etc/group. Perhaps some has wrong permissions (but I went through almost every one, and checked, no luck).

Jailed a test site on one of my production instances and will leave it this way for some weeks.
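
An added diagnostic for the "failed to set additional groups: operation not permitted" message, not part of the thread and not Jailkit's own code: setgroups(2) returns EPERM unless the caller holds CAP_SETGID, so this checks the two things the capabilities suggestion above points at, the effective capability mask of a process and whether the jail shell binary is setuid root. The path /usr/sbin/jk_chrootsh and the function names are assumptions; the status sample is constructed.

```shell
#!/bin/sh
# Added example. CAP_SETGID is capability number 6 in linux/capability.h.
CAP_SETGID_BIT=6

# Constructed sample of the capability lines in /proc/PID/status.
SAMPLE_STATUS='Name:	jk_chrootsh
CapPrm:	0000000000000000
CapEff:	0000000000000040'

# cap_eff_from_status: read status text on stdin, print the CapEff hex mask.
cap_eff_from_status() {
    awk '$1 == "CapEff:" { print $2 }'
}

# has_cap_setgid HEXMASK: exit 0 if the CAP_SETGID bit is set, 1 if not,
# 2 if the argument is not a hex mask.
has_cap_setgid() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$1 >> CAP_SETGID_BIT) & 1 )) -eq 1 ]
}

# setuid_root FILE: exit 0 if FILE has the setuid bit and is owned by uid 0.
setuid_root() {
    [ -u "$1" ] && [ "$(stat -c %u "$1")" = "0" ]
}

# report [BINARY]: print what the current shell and the jail binary have.
report() {
    bin=${1:-/usr/sbin/jk_chrootsh}   # assumed install path; pass your own
    if setuid_root "$bin"; then
        echo "$bin: setuid root"
    else
        echo "$bin: not setuid root; inspect file capabilities with getcap"
    fi
    eff=$(cap_eff_from_status < /proc/self/status)
    if has_cap_setgid "$eff"; then
        echo "this shell: CapEff=$eff includes CAP_SETGID"
    else
        echo "this shell: CapEff=$eff lacks CAP_SETGID, setgroups() gives EPERM"
    fi
}

# Run as: sh script.sh --report [/path/to/jk_chrootsh]
if [ "${1:-}" = "--report" ]; then report "${2:-}"; fi
```

Comparing the output on a working host and a failing host shows whether the binary's mode or the process capabilities differ between the two installs.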