Why does CageFS installation change jailshell to regular bash on cPanel?

During CageFS package installation or update, all users with jailshell enabled will have their shell changed to regular /bin/bash in /etc/passwd.

This is done to avoid a possible conflict with virtfs: when a non-CageFS user enters virtfs, jailshell copies all mount points from cagefs-skeleton to /home/virtfs/$USER. Those mount points are duplicated for each user (approx. 54 mount points per user).

/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/opt/alt ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user00
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user00
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib64 ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user00
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/include ext4 ro,nosuid,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user00
/dev/sda1 /home/virtfs/korvin/usr/local/cpanel/3rdparty/mailman/logs ext4 rw,relatime,barrier=1,data=ordered,jqfmt=vfsv0,usrjquota=quota.user00

This could result in a very large number of mount points, which could lead to slow system performance. It is secure to provide bash access to users as long as you have CageFS enabled.
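One way to check a server for the condition described above, as an added example that is not CloudLinux or cPanel code: it counts mount points under /home/virtfs per user from /proc/mounts-format input and lists accounts whose passwd shell is still jailshell. The function names and the sample data are constructed for illustration; called with no argument, the functions read /proc/mounts and /etc/passwd.

```shell
#!/bin/sh
# Added example, not CloudLinux or cPanel code. All sample data is constructed.

# Print "user count" for every user with mount points under /home/virtfs/<user>.
# $1: file in /proc/mounts format (defaults to /proc/mounts).
virtfs_mounts_per_user() {
    awk '{
        n = split($2, p, "/")        # $2 is the mount point
        if (n >= 4 && p[2] == "home" && p[3] == "virtfs" && p[4] != "")
            count[p[4]]++
    }
    END { for (u in count) print u, count[u] }' "${1:-/proc/mounts}" | sort
}

# Print accounts whose login shell (field 7) is jailshell.
# $1: file in passwd format (defaults to /etc/passwd).
jailshell_users() {
    awk -F: '$7 ~ /\/jailshell$/ { print $1 }' "${1:-/etc/passwd}"
}

# Write constructed sample files, modelled on the listing above, into dir $1.
make_samples() {
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/opt/alt ext4 ro,nosuid,relatime 0 0
/dev/sda1 /home/virtfs/korvin/usr/share/cagefs-skeleton/usr/lib ext4 ro,nosuid,relatime 0 0
/dev/sda1 /home/virtfs/korvin/usr/local/cpanel/3rdparty/mailman/logs ext4 rw,relatime 0 0
/dev/sda1 /home/virtfs/alice/usr/share/cagefs-skeleton/opt/alt ext4 ro,nosuid,relatime 0 0
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
korvin:x:1001:1001::/home/korvin:/usr/local/cpanel/bin/jailshell
alice:x:1002:1002::/home/alice:/bin/bash
EOF
}

# Demo run against the constructed samples.
d=$(mktemp -d)
make_samples "$d"
echo "virtfs mount points per user:"; virtfs_mounts_per_user "$d/mounts"
echo "accounts still on jailshell:";  jailshell_users "$d/passwd"
rm -rf "$d"
```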
