
Jail-shell is a Linux security tool, mainly using chroot and namespace technologies, that limits users to running specific commands and accessing specific directories.

PHP Composer is not working #5

Open 4r7if3x opened 4 years ago

4r7if3x commented 4 years ago

Do you have any suggestions for making PHP Composer work in the jailed shell? I've tried to clink it, but that's not the way... Generally PHP itself has problems working in this environment, including DNS resolution issues. I'd appreciate it if you could come up with a solution.

pymumu commented 4 years ago

You can try the following config (not tested):

# jail-shell jail definition suggested for running the PHP CLI (and Composer)
# inside the jail.  Posted as "not tested": verify every entry on the target
# host.  Directive shapes as they are used in this file (meaning presumed from
# usage -- confirm against the jail-shell documentation):
#   dir   <jail path> <mode> <owner:group>
#   clink <host path> <jail path>
#   slink <link target> <jail path>
#   file  <host path> <jail path> <mode> <owner:group>
#   bind  <host path> [<jail path>] <mount options>
#   cmd   <host path> <jail path> <field>
#
# Directory skeleton created inside the jail.
dir /bin/ 0755 root:root
dir /dev/ 0755 root:root
dir /etc/ 0755 root:root
dir /etc/alternatives 0755 root:root
dir /sbin/ 0755 root:root
dir /root/ 0700 root:root
dir /home/ 0755 root:root
dir /lib/ 0755 root:root
dir /proc/ 0755 root:root
dir /usr/bin 0755 root:root
dir /usr/sbin 0755 root:root
dir /etc/security 0755 root:root
dir /usr/share/terminfo/x 0755 root:root
dir /lib/terminfo/x 0755 root:root
# Mount points for the PHP configuration and library trees bound read-only
# further down.
dir /etc/php 0755 root:root
dir /usr/lib/php 0755 root:root

# basic configuration files
clink /etc/ld.so.conf /etc/ld.so.conf
# resolv.conf and nsswitch.conf are the glibc resolver inputs; together with
# the libnss_* modules in the library list they are what DNS lookups from the
# jail depend on.  NOTE(review): on hosts where /etc/resolv.conf is a symlink
# (e.g. resolver-managed setups) the link target must also be reachable inside
# the jail -- not covered by this file, confirm on the target host.
clink /etc/resolv.conf /etc/resolv.conf
clink /etc/security/limits.conf /etc/security/limits.conf
clink /etc/nsswitch.conf /etc/nsswitch.conf
clink /etc/inputrc /etc/inputrc
clink /etc/localtime /etc/localtime
# /usr/bin/php (linked in the command list below) is usually an alternatives
# symlink, which is why the alternatives entry is needed.  The versioned php
# binary it points at, and the shared libraries php links against, are not
# listed in this excerpt -- confirm they are present in the jail as well.
clink /etc/alternatives/php /etc/alternatives/php
# Profile shipped with jail-shell, copied (not linked) into the jail.
file /usr/local/jail-shell/misc/rootfs/etc/profile /etc/profile 0755 root:root

# basic device files
clink /dev/null /dev/null
clink /dev/zero /dev/zero
clink /dev/ptmx /dev/ptmx
# urandom is needed by anything that seeds randomness (PHP's random
# functions, TLS in Composer's downloads).
clink /dev/urandom /dev/urandom
clink /dev/tty /dev/tty
# NOTE(review): tty1-tty3 expose the host's virtual consoles to the jail;
# host permissions on the nodes still apply, but consider dropping them unless
# the jailed user genuinely needs console access.
clink /dev/tty1 /dev/tty1
clink /dev/tty2 /dev/tty2
clink /dev/tty3 /dev/tty3
# Standard stream symlinks resolve through /proc, so /proc must be available
# in the jail (directory created above).
slink /proc/self/fd/2 /dev/stderr
slink /proc/self/fd/0 /dev/stdin
slink /proc/self/fd/1 /dev/stdout

# basic command list
clink /bin/sh /bin/sh
clink /bin/cat /bin/cat
clink /bin/ls /bin/ls
clink /bin/ps /bin/ps
clink /bin/bash /bin/bash
clink /bin/grep /bin/grep
clink /bin/rm /bin/rm
clink /bin/cp /bin/cp
clink /bin/touch /bin/touch
clink /bin/mv /bin/mv
clink /bin/hostname /bin/hostname
clink /bin/sed /bin/sed
clink /bin/true /bin/true
clink /bin/false /bin/false
clink /bin/mkdir /bin/mkdir
clink /bin/rmdir /bin/rmdir
clink /bin/dd /bin/dd
clink /bin/uname /bin/uname
clink /bin/date /bin/date
clink /bin/kill /bin/kill
clink /bin/tar /bin/tar
clink /bin/gzip /bin/gzip
clink /usr/bin/[ /usr/bin/[
clink /usr/bin/tail /usr/bin/tail
clink /usr/bin/less /usr/bin/less
clink /usr/bin/awk /usr/bin/awk
clink /usr/bin/free /usr/bin/free
clink /usr/bin/head /usr/bin/head
clink /usr/bin/id /usr/bin/id
clink /usr/bin/tee /usr/bin/tee
clink /usr/bin/test /usr/bin/test
clink /usr/bin/watch /usr/bin/watch
clink /usr/bin/which /usr/bin/which
clink /usr/bin/xargs /usr/bin/xargs
clink /usr/bin/find /usr/bin/find
# The PHP interpreter itself (see the alternatives note above).
clink /usr/bin/php /usr/bin/php
clink /bin/nano /bin/nano

# Base directory binding configuration
# Set directory read-only, and prohibit device files
# NOTE(review): the commented-out variant also sets nosuid.  Without nosuid,
# setuid binaries reachable through this read-only root bind keep their
# privilege inside the jail.  Presumably it was left off so the passwd entry
# below (passwd is normally setuid) can work -- confirm, and prefer the nosuid
# form if password changes from inside the jail are not required.
#bind / ro,nodev,nosuid
bind / ro,nodev
# /dev must allow device nodes, so dev is kept here; noexec and nosuid are set.
bind /dev ro,dev,noexec,nosuid
# NOTE(review): this terminfo bind uses dev while the /lib/terminfo bind right
# below uses nodev; this looks like a copy of the /dev line -- nodev is most
# likely what was intended for a terminfo directory.
bind /usr/share/terminfo/x /usr/share/terminfo/x ro,dev,noexec,nosuid
bind /lib/terminfo/x /lib/terminfo/x ro,nodev,noexec,nosuid
# PHP configuration and library trees, read-only.  NOTE(review): nosuid is not
# set on these two; nothing in this file indicates setuid binaries are needed
# there, so ro,nodev,nosuid would be the tighter choice -- confirm.
bind /etc/php /etc/php ro,nodev
bind /usr/lib/php /usr/lib/php ro,nodev

# export a writable upload directory.
# dir /upload 0755 root:root
# bind /opt/upload /upload rw,nodev,noexec,nosuid

# system command list
# this used for user to change password.
# The meaning of the trailing "-:-" field is not shown in this file; see the
# jail-shell documentation for the cmd directive.
cmd /usr/bin/passwd /usr/bin/passwd -:-

# Basic library list
# NSS modules (libnss_compat/files/dns below) are what nsswitch.conf and
# resolv.conf above are resolved through; libnss_dns in particular is needed
# for the DNS lookups the issue reports as failing.  The arm-linux-gnueabihf
# path is specific to that architecture -- on another platform substitute the
# host's multiarch library directory.
# The /lib entry duplicates "dir /lib/" from the skeleton above; presumably
# harmless if the tool tolerates repeats -- confirm.
dir /lib 0755 root:root
dir /lib/arm-linux-gnueabihf 0755 root:root
clink  /lib/arm-linux-gnueabihf/libnss_compat.so.2  /lib/arm-linux-gnueabihf/libnss_compat.so.2
clink  /lib/arm-linux-gnueabihf/libnss_files.so.2  /lib/arm-linux-gnueabihf/libnss_files.so.2
clink  /lib/arm-linux-gnueabihf/libnss_dns.so.2  /lib/arm-linux-gnueabihf/libnss_dns.so.2