chroot("/run/sshd"): Operation not permitted [preauth] #34

Closed
bbqz007 opened this issue Aug 20, 2018 · 3 comments

bbqz007 commented Aug 20, 2018

It seems that the chroot syscall cannot succeed in a proot container. I tried sshd in deployments of CentOS, Fedora, Debian and Ubuntu, and all cases failed because of chroot.

root@localhost:~# /usr/sbin/sshd -p 12345 -d
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2l 25 May 2017
debug1: private host key #0: ssh-rsa SHA256:axT5qtQVsQmm5xgtN+mOTYkBDavo/D79JDliDA5KOs8
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:Mkyu/CBWK1lVzwMIll+KJ6KX34TI4DNJ2USDYkH8+qo
debug1: private host key #2: ssh-ed25519 SHA256:J6G8L2C3w9g5HlztYCdFKpG0yvGnxAxXThmXPIQBURo
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p'
debug1: rexec_argv[2]='12345'
debug1: rexec_argv[3]='-d'
debug1: Bind to port 12345 on 0.0.0.0.
Server listening on 0.0.0.0 port 12345.
debug1: Bind to port 12345 on ::.
Server listening on :: port 12345.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 43951 on 127.0.0.1 port 12345
debug1: Client protocol version 2.0; client software version OpenSSH_7.7
debug1: match: OpenSSH_7.7 pat OpenSSH* compat 0x04000000
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u3
debug1: Enabling compatibility mode for protocol 2.0
chroot("/run/sshd"): Operation not permitted [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: Killing privsep child 23931
debug1: audit_event: unhandled event 12

@ghost ghost changed the title root("/run/sshd"): Operation not permitted [preauth] chroot("/run/sshd"): Operation not permitted [preauth] Apr 20, 2019
@alexdcox

I've experienced this too, unfortunately have nothing to add at the moment other than a +1 but I will post back here if I find a solution...

michalbednarski added a commit that referenced this issue Apr 29, 2019
We now support nested chroot() if new root
can replace old while removing all bind mounts

chroot(/) is supported as before without changes

Added handling of chroot() if it's denied by seccomp

#34
@michalbednarski
Collaborator

I've just pushed experimental support for nested chroot() onto the nested-chroot branch in case anybody wants to try. I'll do more tests/wait for feedback and if everything is okay then I'll submit it to the Termux apt repo.

michalbednarski added a commit that referenced this issue May 1, 2019
As we free FileSystemNameSpace we need
to set cwd for tracee after chroot()

As tracee->fs is reallocated here,
we need to free previous value

#34
michalbednarski added a commit to michalbednarski/termux-packages that referenced this issue May 5, 2019
ghost pushed a commit to termux/termux-packages that referenced this issue May 5, 2019
ghost pushed a commit to termux/termux-packages that referenced this issue May 5, 2019
fornwall pushed a commit to termux/termux-packages that referenced this issue May 5, 2019
@michalbednarski
Collaborator

Version supporting emulated nested chroot is now available in apt repository. (Run pkg up in Termux to update)
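A minimal probe for the failure reported in this issue, added here as an example (it is not part of the original thread or of PRoot's code): it performs chroot() followed by chdir("/") in a forked child and prints the result in the style of the sshd log line above, so the guest can be checked before and after updating without starting sshd. The function names are hypothetical; the default path is the one from the report. On an ordinary Linux host the call needs CAP_SYS_CHROOT, so run it as the root user inside the guest.

```c
#define _DEFAULT_SOURCE          /* chroot() declaration on glibc */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Try chroot(dir) then chdir("/") in a forked child so the caller's own
 * root is never changed. Returns 0 on success, the child's errno on
 * failure, or -1 if the probe itself could not run. */
int probe_chroot(const char *dir)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (chroot(dir) != 0)
            _exit(errno);
        if (chdir("/") != 0)
            _exit(errno);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Format the result in the style of the sshd log line in the report. */
const char *format_result(const char *dir, int err, char *buf, size_t len)
{
    if (err == 0)
        snprintf(buf, len, "chroot(\"%s\"): ok", dir);
    else if (err < 0)
        snprintf(buf, len, "chroot(\"%s\"): probe could not run", dir);
    else
        snprintf(buf, len, "chroot(\"%s\"): %s", dir, strerror(err));
    return buf;
}

int main(int argc, char **argv)
{
    /* Default is the directory from the report; pass another path to test it. */
    const char *dir = argc > 1 ? argv[1] : "/run/sshd";
    char buf[256];
    int err = probe_chroot(dir);
    puts(format_result(dir, err, buf, sizeof buf));
    return err == 0 ? 0 : 1;
}
```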

Grimler91 pushed a commit that referenced this issue Jul 25, 2022
We now support nested chroot() if new root
can replace old while removing all bind mounts

chroot(/) is supported as before without changes

Added handling of chroot() if it's denied by seccomp

#34
Grimler91 pushed a commit that referenced this issue Jul 25, 2022
As we free FileSystemNameSpace we need
to set cwd for tracee after chroot()

As tracee->fs is reallocated here,
we need to free previous value

#34