Easy chroot jail creation

While setting up an SSH jump host I had the need for a small chroot environment that users would end up in. The ‘regular’ way is to create a jail directory somewhere, set up basic directories (/bin /etc and so on) and proceed with copying the desired binaries into the jail. The next step is to use ‘ldd’ to figure out which dynamic libraries need to be copied into the jail. This is a lot of work!

Luckily (instead of getting some random script online and hoping it works fine) Debian includes a package called makejail. Makejail reads a small python file, this is an example (let’s call it test.py):

chroot="/jail"
cleanJailFirst=1
testCommandsInsideJail=["bash", "nc" , "nologin"]

Now run this command:

makejail test.py

Makejail will now create the jail in ‘/jail’ (and clean any existing stuff in there if it exists already), copy ‘bash’ ‘nc’ and ‘nologin’ into the jail and figure out the library dependencies. Easy!