Chrooted R + Rserve

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view

Chrooted R + Rserve

Peter Danenberg
I successfully chrooted R running Rserve with an unprivileged user,
and thought I'd publish the process.

Attached is a jailkit.ini for use with jailkit;* and a chroot/setuid
wrapper, chwrap.c.

To set up the chroot in, for instance, /var/R; perform:

   mkdir -v /var/R
   jk_init -v -c jailkit.ini -j /var/R R

then create the unprivileged user `r':

   useradd r

After compiling chwrap with:

   gcc -o chwrap chwrap.c

finally invoke Rserve with r's uid and gid (see /etc/passwd):

   chwrap [UID] [GID] /var/R /usr/local/bin/Rserve


[hidden email] mailing list
PLEASE do read the posting guide
and provide commented, minimal, self-contained, reproducible code.

jailkit.ini (694 bytes) Download Attachment
chwrap.c (1K) Download Attachment
Reply | Threaded
Open this post in threaded view

Re: Chrooted R + Rserve

Jeroen Ooms
I am trying to reproduce this setting, but it does not seem to work anymore. I keep getting the error: execve failed: No such file or directory.

One of the reasons is that /usr/local/bin/Rserve is no longer a standalone executable, and is now initiated using R CMD Rserve. However, after making the appropriate changes to the .ini, I still get the same error.

Anyone successfully reproduced this setting with a recent R/Rserve/Jailkit?