Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

CAP_SYS_ADMIN in chroot denied ?

Discussion in 'Security' started by globcom, Jul 1, 2013.

  1. globcom

    globcom Well-Known Member

    Joined:
    May 24, 2008
    Messages:
    49
    Likes Received:
    2
    Trophy Points:
    58
    Hello,

    on a centos 6.4 and WHM 11.38.0
    in var/log/messages
    I have this :


    Code:
    kernel: grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/local/cpanel/bin/jailshell[jailshell:29842] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:29840] uid/euid:539/0 gid/egid:538/538
    I don't understand this log ?

    Could you help me ?

    Thx,
    Eric
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    This is a feature of the custom GRSec kernel you are running. You can find more information on "CAP_SYS_ADMIN" on the following GRSec forum thread:

    False Boundaries and Arbitrary Code Execution

    In this particular case, it's related to jailshell. You can find more information on jailshell in cPanel 11.38 at:

    VirtFS - JailShell

    As of 11.38, in a jailshell, all filesystems are mounted with the nosuid option by default. The nosuid option blocks the operation of setuid and setgid commands, such as crontab and ping.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. globcom

    globcom Well-Known Member

    Joined:
    May 24, 2008
    Messages:
    49
    Likes Received:
    2
    Trophy Points:
    58
    Thank You Michael :)

    I understand now.

    Eric
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice