Hi,

jailkit doesn't like 'daemon' as group on chroots, that's what
we have for /var/www.

What about this?

https://savannah.nongnu.org/bugs/index.php?46930

--- jk_lib.py.orig      Tue Jan 19 11:21:16 2016
+++ jk_lib.py   Tue Jan 19 11:32:16 2016
@ -65,18 +65,9 @@ def path_is_safe(path, failquiet=0):
                if (failquiet == 0):
                        sys.stderr.write('ERROR: cannot lstat() '+path+'\n')
                return -1
-       if (sys.platform[-3:] == 'bsd'):
-               # on freebsd root is in group wheel
-               if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] != 
grp.getgrnam('wheel').gr_gid):
-                       sys.stderr.write('ERROR: '+path+' is not owned by 
root:wheel!\n')
-                       return -3
-       else:
-               if (statbuf[stat.ST_UID] != 0 or statbuf[stat.ST_GID] != 0):
-                       sys.stderr.write('ERROR: '+path+' is not owned by 
root:root!\n')
-                       return -3
-       if ((statbuf[stat.ST_MODE] & stat.S_IWOTH or statbuf[stat.ST_MODE] & 
stat.S_IWGRP)and not stat.S_ISLNK(statbuf[stat.ST_MODE])):
-               sys.stderr.write('ERROR: '+path+' is writable by group or 
others!')
-               return -4
+       if (statbuf[stat.ST_UID] != 0 or (statbuf[stat.ST_GID] & 022 ) != 0):
+               sys.stderr.write('ERROR: '+path+' is not owned by root or bad 
mode!\n')
+               return -3
        if (not stat.S_ISDIR(statbuf[stat.ST_MODE])):
                if (stat.S_ISLNK(statbuf[stat.ST_MODE])):
                        # Fedora has moved /sbin /lib and /bin into /usr
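Review bot: The added condition `(statbuf[stat.ST_GID] & 022 ) != 0` masks the group id rather than the permission bits, so the group/other write check that the removed lines ran against `statbuf[stat.ST_MODE]` is no longer performed at all. As written, whether a path passes depends on which bits happen to be set in its gid: a group-writable directory is accepted when the gid has those bits clear, and a correctly protected one is rejected when the gid has them set. If the goal is to accept any owning group (such as 'daemon') while still refusing group- or world-writable paths, test `statbuf[stat.ST_MODE] & 022` and keep the `not stat.S_ISLNK(statbuf[stat.ST_MODE])` exemption from the removed check, since the context lines below still expect symlinks to reach the S_ISLNK branch. Two smaller points: the separate -4 return for "writable by group or others" is folded into -3, which changes what callers and users can tell from the error, and once any group is allowed the group-write test is the only thing keeping a non-root group from modifying the path, so it should stay a distinct, clearly worded error.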

(It would also be nice if it would do symlinks in chrooted /usr for libs
in /usr/local/lib or /usr/X11R6/lib, but that would probably be overkill.)

j.
