
I run this command at the command line:

 $ sudo chroot . node test/simple.js

And I get this error:

chroot: failed to run command ‘node’: No such file or directory

Makes sense, since the node executable is located in a file below the PWD. So what is a good way to get the node executable within the PWD? Should I symlink it?

Ultimately, however, I am most interested in allowing all executables to run in the chroot jail, but only allow reading and writing to files within the chroot jail, AKA:

randos/
  node
  a.js
jail/
  foo/foo.js

So say I do:

cd jail/foo
sudo chroot . ../randos/node ../randos/a.js

That should fail because I shouldn't be able to read randos/a.js. But if I do this:

cd jail/foo
sudo chroot . ../randos/node foo.js

then it should work, even if the node executable file is not a file within the jail.

Also, as an aside, if anyone knows how to get chroot to run without sudo for a certain directory, that'd be good.

Rui F Ribeiro

1 Answer

I would use the symlink option.

Also, to answer your aside, I would edit your sudoers file.

Add a line that looks like:

SOMEUSER  ALL=/usr/sbin/chroot /DIR/TO/JAIL
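
An added example, not part of the original question or answer: after chroot, every path, including a symlink's target and the shared libraries a dynamic binary loads, is resolved inside the new root, so this sketch copies a binary and its libraries into the jail at the same absolute paths. The function names are hypothetical, and it assumes an `ldd` that prints absolute library paths (glibc or musl style).

```shell
#!/bin/sh
# Added example: populate a chroot jail with one binary and its shared libraries.
# Function names are hypothetical; the jail path and binary are arguments.

# Print the absolute paths of the shared objects a dynamic binary loads.
# Run ldd only on binaries you trust: some implementations invoke the
# target's own loader to produce this list.
list_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' |
        sort -u
}

# Copy FILE into JAIL at the same absolute path. -L follows symlinks so the
# jail holds real files rather than links that point outside the new root.
copy_into_jail() {
    jail=$1
    src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Resolve BINARY on PATH, then copy it and everything list_deps reports.
populate_jail() {
    jail=$1
    bin=$(command -v "$2") || { echo "not found: $2" >&2; return 1; }
    case $bin in
        /*) ;;                                   # need a real file path
        *) echo "not a file on PATH: $2" >&2; return 1 ;;
    esac
    copy_into_jail "$jail" "$bin" || return 1
    for lib in $(list_deps "$bin"); do
        copy_into_jail "$jail" "$lib" || return 1
    done
}
```

Run as, for example, `populate_jail /DIR/TO/JAIL node`; the binary is then invoked inside the jail by the absolute path it had on the host.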