
Commit 7f119a6

author
Marius Burkard
committed
Merge branch 'update_jailkit-check-bash' into 'develop'
jailkit: update jail if /bin/bash does not function See merge request ispconfig/ispconfig3!1332
2 parents 8900243 + fd1704a commit 7f119a6


1 file changed

+12
-1
lines changed


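--- a/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php
+++ b/server/lib/classes/cron.d/600-jailkit_maintenance.inc.php
@@ -69,7 +69,7 @@ public function onRunJob() {
 // limit the number of jails we update at one time according to time of day
 $num_jails_to_update = (date('H') < 6) ? 25 : 3;
 
-$sql = "SELECT domain_id, domain, document_root, php_fpm_chroot, jailkit_chroot_app_sections, jailkit_chroot_app_programs, delete_unused_jailkit, last_jailkit_hash FROM web_domain WHERE type = 'vhost' AND (last_jailkit_update IS NULL OR last_jailkit_update < (NOW() - INTERVAL 24 HOUR)) AND server_id = ? ORDER by last_jailkit_update LIMIT ?";
+$sql = "SELECT domain_id, domain, document_root, system_user, system_group, php_fpm_chroot, jailkit_chroot_app_sections, jailkit_chroot_app_programs, delete_unused_jailkit, last_jailkit_hash FROM web_domain WHERE type = 'vhost' AND (last_jailkit_update IS NULL OR last_jailkit_update < (NOW() - INTERVAL 24 HOUR)) AND server_id = ? ORDER by last_jailkit_update LIMIT ?";
 $records = $app->db->queryAllRecords($sql, $conf['server_id'], $num_jails_to_update);
 
 foreach($records as $rec) {
@@ -111,6 +111,17 @@ public function onRunJob() {
 sort($last_updated, SORT_STRING);
 $update_hash = hash('md5', implode(' ', $last_updated));
 
+if (is_file( $rec['document_root']."/bin/bash" )) {
+# test that /bin/bash functions in the jail
+print "chroot --userspec ".$rec['system_user'].":".$rec['system_group']." ".$rec['document_root']." /bin/bash -c true 2>/dev/null\n";
+if (! $app->system->exec_safe("chroot --userspec ?:? ? /bin/bash -c true 2>/dev/null", $rec['system_user'], $rec['system_group'], $rec['document_root'])) {
+print "/bin/bash test failed, forcing update\n";
+$options[] = 'force';
+# bogus hash will not match, triggering an update
+$update_hash = 'force_update'.time();
+}
+}
+
 if ($update_hash != $rec['last_jailkit_hash']) {
 $app->system->web_folder_protection($rec['document_root'], false);
 $app->system->update_jailkit_chroot($rec['document_root'], $sections, $programs, $options);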
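Review bot: The bash check at new line 117 negates the return value of `exec_safe()`, which is only correct if that helper returns a success boolean; its definition is not on this page. If it instead returns the last output line of the command, as PHP's `exec()` does, `/bin/bash -c true` prints nothing, the negation is always true, and every jail containing /bin/bash is force-updated on every run. Testing the exit status explicitly would remove the ambiguity: call `exec_safe(...)` on its own line and then check `if ($app->system->last_exec_retcode() !== 0) {` (assuming that accessor is available in this branch). The `print` at new line 116 also writes the unescaped command, built from database values, to cron output and looks like leftover debugging that should be dropped or routed through the logger. onRunJob() starts and ends outside both hunks, so whether `$options` is reset per record before `'force'` is appended cannot be confirmed from here.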
