CAP_SYS_ADMIN in chroot denied?

globcom

Well-Known Member
May 24, 2008
Hello,

On CentOS 6.4 and WHM 11.38.0,
in /var/log/messages
I have this:


Code:
kernel: grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/local/cpanel/bin/jailshell[jailshell:29842] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:29840] uid/euid:539/0 gid/egid:538/538
I don't understand this log.

Could you help me?

Thx,
Eric
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

This is a feature of the custom GRSec kernel you are running. You can find more information on "CAP_SYS_ADMIN" on the following GRSec forum thread:

False Boundaries and Arbitrary Code Execution

In this particular case, it's related to jailshell. You can find more information on jailshell in cPanel 11.38 at:

VirtFS - JailShell

As of 11.38, in a jailshell, all filesystems are mounted with the nosuid option by default. The nosuid option blocks the operation of setuid and setgid commands, such as crontab and ping.

Thank you.
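
The fields of the grsec denial quoted in the question can be split out mechanically, which helps when many such lines pile up in /var/log/messages. The Python below is an added example, not part of the original posts and not cPanel or grsecurity code; the regex is derived only from the single log line shown in the question, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# One "process" chunk as it appears in the quoted line:
#   /path/to/exe[comm:pid] uid/euid:REAL/EFFECTIVE gid/egid:REAL/EFFECTIVE
PROC = (r"(?P<{p}exe>\S+)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
        r"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) "
        r"gid/egid:(?P<{p}gid>\d+)/(?P<{p}egid>\d+)")
DENIAL = re.compile(
    r"grsec: use of (?P<cap>CAP_[A-Z_]+) in chroot denied for "
    + PROC.format(p="") + r", parent " + PROC.format(p="parent_"))

def parse_denial(line):
    """Return a dict of fields for a chroot capability denial, else None."""
    m = DENIAL.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key, value in rec.items():
        if key.endswith(("pid", "uid", "gid")):  # also covers euid/egid
            rec[key] = int(value)
    return rec

def summarize(lines):
    """Count denials per (capability, denied exe, parent exe, parent real uid)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec:
            counts[(rec["cap"], rec["exe"],
                    rec["parent_exe"], rec["parent_uid"])] += 1
    return counts

SAMPLE = [
    # Line 1 is the one quoted in the question; lines 2 and 3 are constructed.
    "kernel: grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/local/cpanel/bin/jailshell[jailshell:29842] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:29840] uid/euid:539/0 gid/egid:538/538",
    "kernel: grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/local/cpanel/bin/jailshell[jailshell:30011] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:30009] uid/euid:539/0 gid/egid:538/538",
    "kernel: EXT4-fs (sda1): mounted filesystem with ordered data mode",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Grouping by the parent's real uid shows which account's cron jobs are triggering the denials.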