CAP_SYS_ADMIN in chroot denied ?

globcom

Well-Known Member
May 24, 2008
57
3
58
Hello,

on a centos 6.4 and WHM 11.38.0
in var/log/messages
I have this :


Code:
kernel: grsec: use of CAP_SYS_ADMIN in chroot denied for /usr/local/cpanel/bin/jailshell[jailshell:29842] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/crond[crond:29840] uid/euid:539/0 gid/egid:538/538
I don't understand this log ?

Could you help me ?

Thx,
Eric
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

This is a feature of the custom GRSec kernel you are running. You can find more information on "CAP_SYS_ADMIN" on the following GRSec forum thread:

False Boundaries and Arbitrary Code Execution

In this particular case, it's related to jailshell. You can find more information on jailshell in cPanel 11.38 at:

VirtFS - JailShell

As of 11.38, in a jailshell, all filesystems are mounted with the nosuid option by default. The nosuid option blocks the operation of setuid and setgid commands, such as crontab and ping.

Thank you.