Makejail simplifies the process of managing chroot jails by utilizing concise configuration files. It is designed to ease the burden on administrators looking to create and maintain secure environments.
Makejail builds the list of files to include in the chroot jail in several ways: by tracing the files accessed by the daemon, by taking files added manually to the configuration file, and by adding the files that belong to a package and its requirements. Once a file is added to the jail, its shared libraries and upper directories are added as well. This is done recursively for all necessary files. File permissions and ownership are maintained to avoid any conflicts.
Makejail handles some types of files specially. Files located below '/proc' are handled by mounting the procfs filesystem inside the jail. Sockets are not copied, and the shared library cache is not copied either. Instead, ldconfig is run to handle the shared library cache.
The steps for using Makejail are clearly defined. First, any files in the jail are removed if necessary. Then, packages and specific paths can be added to the list of files to be included. Once this is completed, the daemon is started inside the jail and traced with strace. Any files it attempts to open which already exist outside of the jail are added to the list. This process is repeated until no further files are discovered. Lastly, the daemon is started and traced while running some test processes outside of the jail to ensure maximum efficiency.
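The tracing step described above can be sketched as follows. This is an added example, not Makejail's own code: it covers a single tracing pass only, and the function names, the `exampled` daemon and the strace lines are constructed for illustration.

```python
import os
import re

# Quoted path argument of file-related syscalls, with optional PID prefix (strace -f).
SYSCALL_RE = re.compile(
    r'^(?:\d+\s+)?(?:open|openat|stat|access|execve)\((?:AT_FDCWD, )?"([^"]+)"')

def traced_paths(strace_lines):
    """Absolute paths the traced process tried to access, in first-seen order."""
    seen = []
    for line in strace_lines:
        m = SYSCALL_RE.match(line)
        if m and m.group(1).startswith("/"):
            path = os.path.normpath(m.group(1))
            if path not in seen:
                seen.append(path)
    return seen

def jail_additions(strace_lines, exists_outside, in_jail):
    """One tracing pass: sorted paths to add to the jail, upper directories included."""
    to_add = set()
    for path in traced_paths(strace_lines):
        if path == "/proc" or path.startswith("/proc/"):
            continue  # covered by mounting procfs inside the jail
        if path == "/etc/ld.so.cache":
            continue  # shared library cache is handled by ldconfig, not copied
        # A failed open (ENOENT inside the jail) still counts if the file exists outside.
        if path in in_jail or not exists_outside(path):
            continue
        while path != "/" and path not in in_jail:
            to_add.add(path)
            path = os.path.dirname(path)
    return sorted(to_add)

# Constructed sample data (hypothetical daemon "exampled"; not real strace output).
SAMPLE_TRACE = [
    'openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)',
    'openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)',
    'open("/etc/exampled.conf", O_RDONLY) = -1 ENOENT (No such file or directory)',
    'openat(AT_FDCWD, "/proc/self/status", O_RDONLY) = 3',
    'stat("/var/run/exampled.pid", 0x7ffd0000) = -1 ENOENT (No such file or directory)',
    '1234 openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3',
]
HOST_FILES = {"/etc/ld.so.cache", "/lib/x86_64-linux-gnu/libc.so.6",
              "/etc/exampled.conf", "/etc/passwd", "/proc/self/status"}
IN_JAIL = {"/etc", "/etc/passwd"}

if __name__ == "__main__":
    for p in jail_additions(SAMPLE_TRACE, HOST_FILES.__contains__, IN_JAIL):
        print(p)
```

Repeating the pass with the returned paths merged into `in_jail` until it returns an empty list corresponds to the "repeated until no further files are discovered" step.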
Overall, Makejail is excellent software that takes the stress out of creating and maintaining chroot jails. Its efficient file inclusion system and significant features make it a must-have tool for administrators.
Version 1.16: N/A