--- makejail-0.0.5.orig/makejail
+++ makejail-0.0.5/makejail
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 
 # Author: alain@onesite.org
 # License: GPL
@@ -11,7 +11,7 @@
 # stat (package stat)
 
 # Configuration defaults
-# Don't change this file, to define new defaults values create a file /etc/makejail
+# Don't change this file, to define new defaults values create a file /etc/makejail/makejail.conf
 
 class configClass:
 	def __init__(self):
@@ -20,10 +20,11 @@
 		self.useDepends=0
 		self.blockDepends=[]
 		self.doNotCopy=["/usr/share/doc",
-						"/usr/share/info",
-						"/usr/share/man",
-						"/etc/fstab",
-						"/etc/mtab"]
+				"/usr/share/info",
+				"/usr/share/man",
+				"/etc/fstab",
+				"/etc/mtab",
+				"/proc"]
 		self.forceCopy=[]
 		self.cleanJailFirst=0
 		self.preserve=[]
@@ -43,30 +44,37 @@
 		self.groups=[]
 
 		self.debianDpkgInfoFile="/var/lib/dpkg/info/%s.list"
-		self.etcFile="/etc/makejail"
+		self.etcFile="/etc/makejail/makejail.conf"
 		self.pathToLdConfig="/sbin/ldconfig"
+		# For Ubuntu systems, to prevent copying a bash shell
+                # we copy ldconfig.real instead
+                if os.path.exists("/sbin/ldconfig.real"):
+                    self.pathToLdConfig="/sbin/ldconfig.real"
 		self.pathToLdSoConf="/etc/ld.so.conf"
 		self.pathToLdSoCache="/etc/ld.so.cache"
 		self.procPath="/proc"
 		self.userFiles=["/etc/passwd",
-						"/etc/shadow",
-						"/etc/master.passwd"]
+				"/etc/shadow",
+				"/etc/master.passwd"]
 		self.groupFiles=["/etc/group",
-						 "/etc/gshadow"]
+				 "/etc/gshadow"]
 		self.tempDir="/tmp/makejail_logs"
 
 		self.psCommand="ps -e"
 		self.psColumns=[1,4]
 
 		# -e file=trace doesn't catch socket connections
-		self.straceCommand="strace -f %command >/dev/null 2>>%file"
-		self.straceCommandPid="strace -f -p %pid >/dev/null 2>>%file"
+		self.straceCommand="strace -e trace=file,connect -e signal=none -f -ff -o %file %command >/dev/null 2>&1"
+		self.straceCommandPid="strace -e trace=file,connect -e signal=none -f -ff -o %file -p %pid >/dev/null 2>&1"
 		self.straceCommandStop="killall -9 strace"
 		self.straceCommandView=None
 		self.stracePatterns=['.*\("([^"]*)",.*\) .*= -[0-9]* ENO.*',
-							 '.*\("([^"]*)",.*\) .*= -[0-9]* EACCES.*']
+				     '.*\("([^"]*)",.*\) .*= -[0-9]* EACCES.*',
+				     'chdir\("([^"]*)"\) .*= -[0-9]* ENO.*',
+				     'chdir\("([^"]*)"\) .*= -[0-9]* EACCESS.*'] 
+
 		self.straceCreatePatterns=['.*\("([^"]*)",.*O_CREAT.*\) .* ENOENT .*',
-								   'bind\(.* path="([^"]*)".* ENOENT .*']
+					   'bind\(.* path="([^"]*)".* ENOENT .*']
 		self.straceSocketPatterns=['connect\(.* path="([^"]*)".* ENOENT .*']
 
 # Global variables
@@ -220,11 +228,24 @@
 def dpkgInfoFiles(package):
 	return readFileLines(config.debianDpkgInfoFile % package)
 
-def copyStat(source,target):
+def copyStatAndOwner(source,target):
+	# Keep all attributes
+	shutil.copystat(source,target)
+
+	# Copy user/group info
 	statInfos=os.stat(source)
-	os.chmod(target,statInfos[stat.ST_MODE])
 	os.chown(target,statInfos[stat.ST_UID],statInfos[stat.ST_GID])
 
+def unmountProc():
+	debug("Unmounting %s" % config.procPath)
+	moveIndent(1)
+	returnCode=os.system("umount -t proc %s%s" % (config.chroot,config.procPath))
+	if returnCode==0:
+		debug("%s unmounted successfully" % config.procPath)
+	else:
+		abort("Unable to unmount %s" % config.procPath)
+	moveIndent(-1)
+
 def mountProc():
 	debug("Mounting %s" % config.procPath)
 	moveIndent(1)
@@ -332,7 +353,14 @@
 			moveIndent(1)
 			addFileToJail(checkDir)
 			moveIndent(-1)
-	fileInChroot="%s%s" % (config.chroot,fileName)
+	# The directory part of fileName may be a symlink to an
+	# absolute pathname.  For example, fileName is
+	# "lib64/ld-linux.so.2" where "lib64" is a symlink to "/lib".
+	# In that case it should be resolved before constructing
+	# fileInChroot.  See http://bugs.debian.org/570695.
+	fileDir, baseName = os.path.split(fileName)
+	fileInChroot=os.path.join(config.chroot,os.path.realpath(fileDir)[1:],
+				  baseName)
 	if os.path.exists(fileInChroot):
 		if fileIsNewer(fileName,fileInChroot):
 			debug("   File %s is newer than the %s, overwriting" % (fileName,fileInChroot))
@@ -352,7 +380,9 @@
 			absoluteLinkTarget="%s/%s" % (fileDir,linkTarget)
 		newFiles=addFileToJail(absoluteLinkTarget)
 		missingFiles=missingFiles+newFiles
-		newWorkingDir="%s/%s" % (config.chroot,fileDir[1:])
+		# newWorkingDir may be a symlink to an absolute
+		# pathname.  See the above comment.
+		newWorkingDir="%s/%s" % (config.chroot,os.path.realpath(fileDir)[1:])
 		os.chdir(newWorkingDir)
 		debug("   Creating '%s' as a symlink to '%s' (pwd=%s)" % (fileName[1:],linkTarget,newWorkingDir))
 		os.symlink(linkTarget,os.path.split(fileName)[1])
@@ -400,9 +430,13 @@
 		addPasswdFile(fileName,"groups")
 	else:
 		debug("   Copying %s -> %s" % (fileName,fileInChroot))
-		shutil.copyfile(fileName,fileInChroot)
+		# Copy the file
+		shutil.copy(fileName,fileInChroot)
+		shutil.copystat(fileName,fileInChroot)
 		missingFiles.append(fileName)
-	copyStat(fileName,fileInChroot)
+
+	copyStatAndOwner(fileName,fileInChroot)
+
 	if os.path.isfile(fileName):
 		checkRequirements(fileName)
 	return missingFiles
@@ -440,7 +474,7 @@
 				chunk=files[i].read()
 				if chunk=="":
 					finished[i]=1
-				feedbackQueues[i]+=chunk
+				feedbackQueues[i]=feedbackQueues[i]+chunk
 		for i in (0,1):
 			while "\n" in feedbackQueues[i]:
 				pos=feedbackQueues[i].find("\n")
@@ -501,9 +535,14 @@
 			for line in ldd_lines:
 				if not(line):
 					continue
-				if string.find(line,"=>")==-1:
+				# Not all ldd lines include => they might
+				# reference the absolute path of the library
+				if string.find(line,"=>")==-1 and string.find(line,"/")==-1:
 					continue
-				lib=string.strip(string.split(string.split(line,"=>")[1],"(")[0])
+				if string.find(line,"=>")!=-1: 
+					lib=string.strip(string.split(string.split(line,"=>")[1],"(")[0])
+				else:
+					lib=string.strip(string.split(line,"(")[0])
 				addFileToJail(lib)
 			moveIndent(-1)
 	moveIndent(-1)
@@ -615,8 +654,6 @@
 def addMissingFilesFromProcess(items,testCommandsOutsideJail=[]):
 
 	straceTempFileName=tempfile.mktemp("trace")
-	straceTempFile=open(straceTempFileName,"w")
-	straceTempFile.close()
 
 	if not(type(items) in (types.ListType,types.TupleType)):
 		items=[items]
@@ -660,6 +697,13 @@
 			out.append(line)
 	debug(string.join(out," "))
 
+	# Join the generated pid-specific trace files (strace -ff) into one single trace file
+	# If there are no such files the following lines should do nothing.
+	debug("Joining pid-specific trace files (if any)...")
+	command=string.replace("cat %file.* >>%file 2>/dev/null","%file",straceTempFileName)
+	os.system(command)
+	os.system("rm -f %s.* >/dev/null 2>/dev/null" % straceTempFileName)
+
 	if config.straceCommandView:
 		command=string.replace(config.straceCommandView,"%file",straceTempFileName)
 		lines=execute(command)
@@ -804,6 +848,10 @@
 	global tmpOut
 
 	debug("Chroot directory is %s" % config.chroot)
+	if not(os.path.isdir(config.chroot)):
+		sys.stderr.write("ERROR: The chroot location defined '%s' does not exist. Please create it and run makejail again.\n" % config.chroot)
+		sys.exit(1)
+		
 
 	# In the strace output, the command attempt to access
 	# the directory where this script was started outside
@@ -823,6 +871,9 @@
 
 	killall(config.processNames)
 	if config.cleanJailFirst:
+		# We have to umount /proc before we proceed
+		if os.path.isdir(config.chroot+config.procPath):
+			unmountProc()
 		cleanJail()
 
 	# === Add packages
@@ -949,8 +1000,8 @@
 	except:
 		if fp:
 			fp.close()
-		sys.stderr.write("Cannot load configuration file '%s' as a python module\n" % file)
-		sys.stderr.write("Executing it with python which should display a syntax error:\n")
+		sys.stderr.write("ERROR: Cannot load configuration file '%s' as a python module\n" % file)
+		sys.stderr.write("ERROR: Executing it with python which should display a syntax error:\n")
 		os.system("python %s" % file)
 		sys.exit(1)
 
@@ -984,7 +1035,7 @@
 	try:
 		configFile=sys.argv[1]
 	except IndexError:
-		abort("Usage: %s configFile" % sys.argv[0])
+		abort("Usage: %s package\n\tpackage is the name of an installed package\n\t(a configuration file must exist in %s)" % (sys.argv[0],config.etcFile))
 
 	if os.path.isfile(config.etcFile):
 		loadConfig(config.etcFile)
--- makejail-0.0.5.orig/Makefile
+++ makejail-0.0.5/Makefile
@@ -1,6 +1,7 @@
 # Makefile for makejail
 
-prefix = /usr
+DESTDIR=/
+prefix = $(DESTDIR)/usr
 BIN_DIR = $(prefix)/sbin
 DOC_DIR = $(prefix)/share/doc/makejail
 MAN_DIR = $(prefix)/share/man/man8
@@ -14,11 +15,11 @@
 
 .PHONY: install distclean
 
-all:
+all: docs
 	@echo "Usage: make [install|uninstall|docs|clean_docs]"
 
 docs:
-	./makedocs
+	python makedocs
 	docbook-to-man manpage.sgml > $(MAN_PAGE)
 
 install:
@@ -32,7 +33,7 @@
 	cp doc/index.html $(HTML_DIR)
 	chmod 644 $(HTML_DIR)/index.html
 	if (test ! -d $(EXAMPLES_DIR)); then mkdir -p $(EXAMPLES_DIR) ; chmod 755 $(EXAMPLES_DIR) ; fi
-	cp -Rp examples/* $(EXAMPLES_DIR)
+	cp -a examples/* $(EXAMPLES_DIR)
 	chmod 644 $(EXAMPLES_DIR)/*
 	if (test ! -d $(MAN_DIR)); then mkdir -p $(MAN_DIR) ; chmod 755 $(MAN_DIR) ; fi
 	$(INSTALL) makejail.8 $(MAN_DIR)
--- makejail-0.0.5.orig/doc.src
+++ makejail-0.0.5/doc.src
@@ -18,7 +18,7 @@
 - the files which belongs to a package and eventually the packages it requires.
 
 When a file is added into the jail:
-- the shared librairies it needs (given by ldd) are added too.
+- the shared libraries it needs (given by ldd) are added too.
 - upper directories are created if needed.
 - if the file is a symbolic link, the target is added too.
 - all the checks to determine what files a file needs are recursive.
@@ -39,7 +39,7 @@
 H1:Configuration files
 
 The file must be written in a correct python syntax. The good news is that the syntax is simple, and you can eventually write some python code to define the syntax.
-Some default directives may be defined in /etc/makejail, the configuration file given on the command line has predecence.
+Some default directives may be defined in /etc/makejail/makejail.conf, the configuration file given on the command line has predecence.
 All paths you use in the configuration file must be absolute.
 
 __MANMODE=2__
@@ -61,7 +61,7 @@
 
 The commands used to start the daemon, a good starting point may be the command used in the startup script in /etc/init.d
 
-Format: ["command1","command2"]
+Format: ["command1", "command2"]
 
 Default: []
 
@@ -69,7 +69,7 @@
 
 The name of the runnning processes after the daemon has been started.
 
-Format: ["process1","process2"]
+Format: ["process1", "process2"]
 
 Default: []
 
@@ -81,7 +81,7 @@
 
 The test commands which should be executed.
 
-Format: ["command1","command2"]
+Format: ["command1", "command2"]
 
 Default: []
 
@@ -118,16 +118,16 @@
 Do not copy the files matching these patterns according to the rules used by the Unix shell.
 No tilde expansion is done, but *, ?, and character ranges expressed with [] will be correctly matched.
 
-Format: ["path1","path2"]
+Format: ["path1", "path2"]
 
-Default: ["/usr/share/doc","/usr/share/info","/usr/share/man","/etc/fstab","/etc/mtab"]
+Default: ["/usr/share/doc", "/usr/share/info", "/usr/share/man", "/etc/fstab", "/etc/mtab", "/proc"]
 
 H3:forceCopy
 
 When initializing the jail, copy the files matching these patterns according to the rules used by the Unix shell.
 No tilde expansion is done, but *, ?, and character ranges expressed with [] will be correctly matched.
 
-Format: ["path1","path2"]
+Format: ["path1", "path2"]
 
 Default: []
 
@@ -137,14 +137,14 @@
 
 Format: 0 to do nothing or 1 to remove files from the jail.
 
-Default: 1
+Default: 0
 
 H3:preserve
 
 Useful only if cleanJailFirst=1, makejail won't remove files or directories if their path begins with one of the strings in this list.
 When updating a jail, you should for example put the locations of log files here.
 
-Format: ["path1","path2"]
+Format: ["path1", "path2"]
 
 Default: []
 
@@ -162,7 +162,7 @@
 Makejail will filter the files listed in the directive userFiles and copy only lines matching these users, which means lines starting with "user:"
 You can use ["*"] to disable filtering and copy the whole file.
 
-Format: ["user1","user2"]
+Format: ["user1", "user2"]
 
 Default: []
 
@@ -171,7 +171,7 @@
 Makejail will filter the files listed in the directive groupFiles and copy only lines matching these groups, which means lines starting with "group:"
 You can use ["*"] to disable filtering and copy the whole file.
 
-Format: ["group1","group2"]
+Format: ["group1", "group2"]
 
 Default: []
 
@@ -219,7 +219,7 @@
 
 The name of the packages. It will copy the files which belongs to the package according to the file /var/lib/dpkg/info/$package.list.
 
-Format: ["package1","package2"]
+Format: ["package1", "package2"]
 
 Default: []
 
@@ -236,7 +236,7 @@
 
 Useful only if useDepends=1, it prevents the installation of these packages even if dpkg says they are required.
 
-Format: ["package1","package2"]
+Format: ["package1", "package2"]
 
 Default: []
 
@@ -252,15 +252,15 @@
 
 H3:pathToLdConfig
 
-Path to the executable ldconfig, used to generate the shared librairies cache. ldconfig is executed in the jail to regenerate this cache.
+Path to the executable ldconfig, used to generate the shared libraries cache. ldconfig is executed in the jail to regenerate this cache.
 
 Format: "/path/to/ldconfig"
 
-Default: "/sbin/ldconfig"
+Default: "/sbin/ldconfig" (Debian), "/sbin/ldconfig.real" (Ubuntu)
 
 H3:pathToLdSoConf
 
-The path to the configuration files used by ldconfig, which says which directories should be scanned searching for shared librairies.
+The path to the configuration files used by ldconfig, which says which directories should be scanned searching for shared libraries.
 Set this to None if your system doesn't use such a file.
 
 Format: "/path/to/ld.so.conf"
@@ -269,7 +269,7 @@
 
 H3:pathToLdSoCache
 
-The path to the shared librairies cache generated by ldconfig.
+The path to the shared libraries cache generated by ldconfig.
 
 Format: "/path/to/ld.so.cache"
 
@@ -287,17 +287,17 @@
 
 List of the files whose contents should be filtered, to keep only the users listed in the directive "users".
 
-Format: ["file1","file2]
+Format: ["file1", "file2]
 
-Default: ["/etc/passwd","/etc/shadow"]
+Default: ["/etc/passwd", "/etc/shadow"]
 
 H3:groupFiles
 
 List of the files whose contents should be filtered, to keep only the groups listed in the directive "groups".
 
-Format: ["file1","file2]
+Format: ["file1", "file2]
 
-Default:["/etc/group","/etc/gshadow"]
+Default:["/etc/group", "/etc/gshadow"]
 
 H3:tempDir
 
@@ -337,13 +337,13 @@
 
 Format: "strace_command [options] %command > %file"
 
-Default: "strace -f %command >/dev/null 2>>%file"
+Default: "strace -e trace=file,connect -e signal=none -f -ff -o %file %command >/dev/null 2>&1"
 
 H3:straceCommandPid
 
 String describing the strace command when attaching itself to a running process. "%pid" will be replaced by the id of the process to trace, and "%file" by the path to the temporary trace file.
 
-Format: "strace_command [options] %pid > %file"
+Format: "strace -e trace=file,connect -e signal=none -f -ff -o %file -p %pid >/dev/null 2>&1"
 
 Default: "strace -f -p %pid >/dev/null 2>>%file"
 
@@ -384,26 +384,26 @@
 Regular expressions to detect a failed attempt at accessing a file.
 If the file exists outside the jail makejail will copy it into the jail.
 
-Format: ["regexp1","regexp2",["regexp3","regexp3 for the next line"]]
+Format: ["regexp1", "regexp2", ["regexp3", "regexp3 for the next line"]]
 
-Default: ['.*\("([^"]*)",.*\) .* ENOENT .*']
+Default: ['.*("([^"]*)",.*) .* ENOENT .*']
 
 H3:straceCreatePatterns
 
 Regular expressions to detect a failed attempt at creating a file.
 If the directory where the file should be created exists outside the jail, it will create it inside the jail.
 
-Format: ["regexp1","regexp2",["regexp3","regexp3 for the next line"]]
+Format: ["regexp1", "regexp2", ["regexp3", "regexp3 for the next line"]]
 
-Default: ['.*\("([^"]*)",.*O_CREAT.*\) .* ENOENT .*','bind\(.* path="([^"]*)".* ENOENT .*']
+Default: ['.*("([^"]*)",.*O_CREAT.*) .* ENOENT .*','bind(.* path="([^"]*)".* ENOENT .*']
 
 H3:straceSocketPatterns
 
 Regular expressions to detect a failed attempt at accessing a socket.
 makejail can't create the socket, it will just print a warning.
 
-Format: ["regexp1","regexp2",["regexp3","regexp3 for the next line"]]
+Format: ["regexp1", "regexp2", ["regexp3", "regexp3 for the next line"]]
 
-Default: ['connect\(.* path="([^"]*)".* ENOENT .*']
+Default: ['connect(.* path="([^"]*)".* ENOENT .*']
 
 __MANMODE=0__
--- makejail-0.0.5.orig/manpage.sgml.template
+++ makejail-0.0.5/manpage.sgml.template
@@ -94,8 +94,18 @@
   </refsect1>
   <refsect1>
     <title>REPORTING BUGS</title>
-    <para>Report bugs to makejail@floc.net</para>
-  </refsect1>
+          <para>Makejail is heavily patched for Debian systems.
+          If you are using this program as part of the Debian
+          distribution you should report bugs to the Debian Bug Tracking System
+          using
+          submit@bugs.debian.org. For this you can use the
+          <command>reportbug</command> or <command>bug</command> program.
+          Please, read /usr/share/doc/debian/bug-reporting.txt
+          (or www.debian.org/Bugs) before doing so.</para>
+
+          <para>If you want to report bugs to the upstream maintainer use
+         makejail@floc.net</para>
+   </refsect1>
 </refentry>
 
 <!-- Keep this comment at the end of the file
--- makejail-0.0.5.orig/debian/dirs
+++ makejail-0.0.5/debian/dirs
@@ -0,0 +1,3 @@
+usr/sbin
+etc/makejail
+var/chroot
--- makejail-0.0.5.orig/debian/makejail.preinst
+++ makejail-0.0.5/debian/makejail.preinst
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+
+case "$1" in
+    install|upgrade)
+	# move directory to new location
+        if [ -f /etc/makejail ]; then
+          mv /etc/makejail /etc/makejail.conf
+          install -d -m 755 /etc/makejail
+          mv /etc/makejail.conf /etc/makejail
+        fi
+    ;;
+    configure)
+    ;;
+    abort-upgrade)
+    ;;
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 0
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- makejail-0.0.5.orig/debian/NEWS.Debian
+++ makejail-0.0.5/debian/NEWS.Debian
@@ -0,0 +1,21 @@
+makejail (0.0.5-9) unstable; urgency=low
+
+  This release of makejail changes some configuration defaults, either for
+  security or to close bugs. If you want to maintain compatibility then please
+  create a file /etc/makejail/makejail.conf with the following entries:
+
+  -----------------------------------------------------------------------
+  doNotCopy=["/usr/share/doc", "/usr/share/info", "/usr/share/man",
+         "/etc/fstab", "/etc/mtab"]
+  straceCommand="strace -e trace=file,connect -e signal=none -f -ff
+         -o %file %command >/dev/null 2>&1"
+  straceCommandPid="strace -e trace=file,connect -e signal=none -f
+         -ff -o %file -p %pid >/dev/null 2>&1"
+  -----------------------------------------------------------------------
+
+  Also, this release changes the default configuration file. It is 
+  located now in /etc/makejail/makejail.conf. The old 
+  configuration file (/etc/makejail) will be moved transparently over
+  to the new location.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Mon, 22 Feb 2010 23:48:25 +0100
--- makejail-0.0.5.orig/debian/changelog
+++ makejail-0.0.5/debian/changelog
@@ -0,0 +1,164 @@
+makejail (0.0.5-9) unstable; urgency=low
+
+  * Fix pathname handling when the directory components include absolute
+    symlink. Thanks to Daiki Ueno for the patch (Closes: #570695).
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@debian.org>  Sat, 20 Mar 2010 12:49:51 +0100
+
+makejail (0.0.5-8) unstable; urgency=low
+
+  [ Changes by  Florian Grandel <jerico.dev@gmail.com ]
+  * Makejail default configuration now in /etc/makejail/makejail.conf
+    There is no conflict now with the /etc/makejail/ directory
+    and it is possible for the administrator to set defaults (Closes: #495112)
+  * Changed default for straceCommand/straceCommandPid to include child
+    threads (strace -ff)
+  * Changed default for doNotCopy for security reasons (added /proc)
+  * cleanJailFirst default now correctly documented, manual page now indicates
+  * that the default value for cleanJailFirst is
+    0 and not 1 (Closes: #495118) (closes: #495118)
+  * should now preserve POSIX attributes (closes: #310781), still
+    does not preserve ext2/ext3 attributes however
+  * now copies directory as a result of chdir by introducing additional
+    patterns to be processed in the strace (closes: #392773)
+  * now chowns copied files (closes: #495147)
+  * now correctly handles strace -ff (closes: #495277)
+  * fixes several lintian warnings
+  * updated policy version
+  * debian/rules: now builds the documentation (should not be included in
+    source)
+
+  [ Changes by Javier Fernandez-Sanguino ]
+  * Use debhelper compatibility version 5
+  * Check if /sbin/ldconfig.real exists (Ubuntu systems) and set
+    pathToLdConfig to /sbin/ldconfig.real to avoid
+    introducing bash in all jails. (LP: #263614, closes: #495116)
+  * Review documentation to fix a widespread typo in makejail
+    (librairies->libraries)
+  * Remove ISO-8859-1 encoding in examples/sshd.py as it prevented
+    it from being loaded in newer python versions due to issues
+    in enconding.
+  * Include the pam.d/common-* files in the example for sshd.
+  * Provides a more descriptive message if the target chroot directory does
+    not exist (Closes: #193087, #570607)
+  * Added Alexandre Ratti's documentation on how to setup a chrooted Apache
+    with makejail, credit him in debian/copyright and distribute the files
+    under the examples/ directory adjusting also the apache.py file.
+    (Closes: #171842)
+  * Add the Homepage location to debian/control as a pseudo-header
+  * Highlight in the manpage that the package is heavily patched
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Tue, 23 Feb 2010 00:51:25 +0100
+
+
+makejail (0.0.5-7) unstable; urgency=low
+
+  * Ldd output has now changed and some libraries might not include a '=>'
+    but, rather, the absolute path. Patch makejail so it handles those lines.
+    This helps it detect that it needs to install /lib/ld-linux.so.2
+    in the jail (Closes: #358975)
+  * Use shutil.copystat instead of the inline CopyStat function in order to
+    properly preserve setuid bits (Closes: #310781)
+  * Use Debhelper compatibility version 4
+  * Add /usr/sbin/rndc to the example makejail file for Bind (Closes: #259453)
+  * Unmount /proc if we will attempt to clean the Jail first so that
+    reruning makejail will not fail if /proc is mounted (Closes: #375130)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 16 Jul 2006 17:28:08 +0200
+
+makejail (0.0.5-6) unstable; urgency=low
+
+  * Fix typo in manpage (Closes: #326537)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun,  4 Sep 2005 16:14:18 +0200
+
+makejail (0.0.5-5) unstable; urgency=low
+
+  * Proper debian/copyright file.
+  * Moved Build-Depends to Build-Depends-Indep
+  * Fixed description
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Fri, 23 Jan 2004 18:04:49 +0100
+
+makejail (0.0.5-4) unstable; urgency=low
+
+  * Modified dependancies (Closes: #205944)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Wed, 20 Aug 2003 16:33:23 +0200
+
+makejail (0.0.5-3) unstable; urgency=low
+
+  * Now depends on python2.3 as asked for by python maintainers. 
+  * Removed 'stat | coreutils' from depends
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 17 Aug 2003 12:45:33 +0200
+
+makejail (0.0.5-2) unstable; urgency=low
+
+  * Fixed doc.src so that groff does not give errors when reading
+    manpage.
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Fri,  9 May 2003 20:26:18 +0200
+
+makejail (0.0.5-1) unstable; urgency=low
+
+  * New upstream version. 
+  * Fixed python2ism (Closes: #188332)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Fri, 11 Apr 2003 01:13:11 +0200
+
+makejail (0.0.4-2) unstable; urgency=low
+
+  * Fixed typo s/makefail/makejail/ (Closes: #169692)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sun, 24 Nov 2002 23:31:29 +0100
+
+makejail (0.0.4-1) unstable; urgency=low
+
+  * New upstream release (integrates the fixes introduced in the 0.0.1-4
+    version)
+  * This version does not fix an unreported bug related to the use of
+    DebianInfoFile (it's called DebianInfoDir in one function)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Mon, 28 Oct 2002 19:28:38 +0100
+
+makejail (0.0.3-1) unstable; urgency=low
+
+  * New upstream release
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Mon, 14 Oct 2002 17:29:36 +0200
+
+makejail (0.0.1-4) unstable; urgency=low
+
+  * Fixed makejail call to variable (Closes: #163187)
+  * Makedocs now called through python (Closes: #164068)
+  * Fixed Build-Depends to include python (used by makedocs)
+  * Changed tty in sshd.py to ttyp (Closes: #163189)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Mon, 14 Oct 2002 17:24:46 +0200
+
+makejail (0.0.1-3) unstable; urgency=low
+
+  * Changed depends: to coreutils (isn't this in Standard, the dependancy
+  is probably not needed) (Closes: #161446, #161898, #161321)
+  * Fixed typos in sshd configuration (Closes: #161684)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Mon, 23 Sep 2002 09:49:55 +0200
+
+makejail (0.0.1-2) unstable; urgency=low
+
+  * Added stat depends (Closes: #161321)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Wed, 18 Sep 2002 13:28:49 +0200
+
+makejail (0.0.1-1) unstable; urgency=low
+
+  * Initial Release.
+  * Fixed typo in makejail (librairies->libraries)
+  * Provided a sample sshd configuration file (currently in the
+  examples dir) not thoroughly tested.
+  * Fixed typo in makejail and in manpage (debianDpkgInfoDir)
+  * Fixed call in makejail (changed debianDpkgInfo to config.debianDpkg..)
+
+ -- Javier Fernandez-Sanguino Pen~a <jfs@computer.org>  Sat, 17 Aug 2002 11:36:37 +0200
+
--- makejail-0.0.5.orig/debian/copyright
+++ makejail-0.0.5/debian/copyright
@@ -0,0 +1,36 @@
+This package was debianized by 
+Javier Fernandez-Sanguino Peña <jfs@computer.org> on
+Sat, 17 Aug 2002 11:36:37 +0200.
+
+It was downloaded from http://www.floc.net/makejail/
+
+Upstream Author: Alain Tesio <alain@onesite.org>
+
+Copyright:
+
+    Copyright (C) 2002 Alain T??sio
+
+License:
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 1, or (at your option)
+    any later version.
+ 
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+ 
+This program is distributed under the GNU GPL license, you will find
+a copy of this in your Debian system under /usr/share/common-licenses/
+
+------------------------------------------------------------------------
+
+This package also includes a guide under examples/ on how to setup a chroot for
+Apache written by Alexandre Ratti and originally available at
+http://worldserver3.oleane.com/bouynot/gabuzomeu//alex/doc/apache/index-en.html
+
+This document is Copyright (c) 2002-2003 Alexandre Ratti. And dual-licensed
+under the GNU GPL 2 (GNU General Public License) and the GNU FDL 1.2 (GNU Free
+Documentation License).
--- makejail-0.0.5.orig/debian/README.Debian
+++ makejail-0.0.5/debian/README.Debian
@@ -0,0 +1,16 @@
+
+There are no configuration files provided with these package, mainly because
+they have not yet been tested throughly enough. All the candidates for
+configuration files are located at /usr/share/doc/makejail/examples.
+
+For example to create a jail for bind (if it's installed) execute (as root):
+
+# makejail /usr/share/doc/makejail/examples/bind.py 
+
+If you want to make changes to the example do the following (so it does not
+get overwritten in an upload):
+
+# cp /usr/share/doc/makejail/examples/bind.py  /etc/makejail.d/bind
+# makejail /etc/makejail.d/bind
+
+ -- Javier Fernandez-Sanguino <jfs@computer.org>, Sat, 17 Aug 2002 11:36:37 +0200
--- makejail-0.0.5.orig/debian/makejail.postrm
+++ makejail-0.0.5/debian/makejail.postrm
@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+#DEBHELPER#
+
+# delete migrated configuration on purge
+if [ "$1" = purge  -a -e /etc/makejail/makejail.conf ]; then
+  rm -f /etc/makejail/makejail.conf
+fi
--- makejail-0.0.5.orig/debian/no.conffiles
+++ makejail-0.0.5/debian/no.conffiles
@@ -0,0 +1,4 @@
+#
+# This package currently does not provide conffiles but will
+# probably do so in a near future (as soon as the examples/
+# subdir config files has been tested)
--- makejail-0.0.5.orig/debian/compat
+++ makejail-0.0.5/debian/compat
@@ -0,0 +1 @@
+5
--- makejail-0.0.5.orig/debian/rules
+++ makejail-0.0.5/debian/rules
@@ -0,0 +1,78 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This is the debhelper compatibility version to use.
+#export DH_COMPAT=5
+
+
+ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -g
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+	INSTALL_PROGRAM += -s
+endif
+
+build: build-stamp
+
+build-stamp: 
+	dh_testdir
+	$(MAKE) 
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp configure-stamp
+
+    # Clean generated documentation
+	-$(MAKE) clean_docs
+    # Clean stamps
+	rm -f build-stamp configure-stamp
+    # There is an uninstall target in the makefile
+    # but we don't have to call it as dh_clean will
+    # do the job anyway.
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Install to debian's build directory
+	$(MAKE) install DESTDIR=$(CURDIR)/debian/makejail
+# Install lintian overrides
+	install -D -m 644 usr/share/lintian/overrides/makejail $(CURDIR)/debian/makejail/usr/share/lintian/overrides/makejail
+
+
+binary-arch: build install
+# Nothing to do.
+
+binary-indep: build install
+	dh_testdir
+	dh_testroot
+	dh_installdocs
+	dh_installexamples
+	dh_installmenu
+	dh_installcron
+	dh_installman
+	dh_installinfo
+	dh_installdebconf
+	dh_installchangelogs 
+	dh_link
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+
+.PHONY: build clean binary-indep binary-arch binary install configure
--- makejail-0.0.5.orig/debian/control
+++ makejail-0.0.5/debian/control
@@ -0,0 +1,17 @@
+Source: makejail
+Section: admin
+Priority: optional
+Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
+Build-Depends-Indep: docbook-to-man, python (>=2.2)
+Build-Depends: debhelper (>> 3.0.0), po-debconf
+Standards-Version: 3.7.3
+Homepage: http://www.floc.net/makejail/
+
+Package: makejail
+Architecture: all
+Depends: python (>= 2.2), python (<< 3), psmisc, strace, binstats, debconf
+Description: Automatically create chroot jails for programs
+ Makejail helps an administrator to create and update a chroot jail
+ using short configuration files. If not enough information is 
+ provided in these it will attempt to guess which files are required
+ by the daemon and will install all of them in the jail.
--- makejail-0.0.5.orig/examples/apache-chroot.html
+++ makejail-0.0.5/examples/apache-chroot.html
@@ -0,0 +1,238 @@
+<html>
+<head>
+<title> Chrooted Apache with makejail</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<meta name="title" lang="en" content="Setting up a chrooted Apache server with makejail on Debian GNU/Linux">
+<meta name="description" lang="en" content="How to set up a chrooted Apache daemon with the makejail script on a Debian GNU/Linux system.">
+<meta name="keywords" lang="en" content="chrooted Apache server, GNU/Linux">
+</head>
+<body bgcolor="#FFFFFF" text="#000000">
+<h1>Setting up a chrooted Apache server with makejail on Debian Woody</h1>
+<p class="version_date">$Revision: 1.8 $<br>
+  $Date: 2003/08/29 07:56:20 $</p>
+<h2>Introduction</h2>
+<p class="resume"></p>
+<p>The <code>chroot</code> utility is often used to jail a daemon in a restricted 
+  tree. You can use it to insulate services from one another, so that security 
+  issues in a software package do not jeoparize the whole server. When using the 
+  <code>makejail</code> script, setting up and updating the chrooted tree is much 
+  easier.</p>
+<h3 class="resume">Licensing</h3>
+<p class="licence">Copyright 2002-2003 Alexandre Ratti. This doc is dual-licensed 
+  under the GNU GPL 2 (<a href="http://www.gnu.org/licenses/gpl.html"></a><a href="http://www.gnu.org/licenses/gpl.html">GNU General 
+  Public License</a>)
+  and the GNU&nbsp;FDL&nbsp;1.2 (<a href="http://www.fsf.org/copyleft/fdl.html"></a><a href="http://www.fsf.org/copyleft/fdl.html">GNU Free Documentation License</a>). 
+  [<a href="http://worldserver3.oleane.com/bouynot/gabuzomeu/alex/doc/licences/index-en.html#GFDL">Tell me more</a>]</p>
+
+<h2>Installing the server</h2>
+<p>This procedure was tested on Debian GNU/Linux&nbsp;3.0 (Woody) with <code>makejail</code> 
+  0.0.4-1 (in Debian/testing).</p>
+<ol>
+  <li> 
+    <p>Log in as <code>root</code> and create a new jail directory:<br>
+      <br>
+      <code>mkdir -p /var/chroot/apache</code></p>
+  </li>
+  <li> 
+    <p>Create a new user and a new group. The chrooted Apache server will run 
+      as this user/group, which isn't used for anything else on the system. In 
+      this example, both user and group are called <code>chrapach</code>.<br>
+      <br>
+      <code>adduser --home /var/chroot/apache --shell /bin/false --no-create-home 
+      \<br>
+      --system --group chrapach</code><br>
+      <br>
+      <i>TODO&nbsp;: I created a system user; it is a good idea?</i></p>
+  </li>
+  <li> 
+    <p>Install Apache as usual on Debian:<br>
+      <br>
+      <code>apt-get install apache</code></p>
+  </li>
+  <li> 
+    <p>Set up Apache (eg. define your subdomains, etc.). In <code>/etc/apache/httpd.conf</code>, 
+      set the <em class="option">User</em> and<em class="option"> Group</em> options 
+      to <code>chrapach</code>. Then restart Apache and make sure the server is 
+      working correctly. Now, stop the Apache daemon. <br>
+      <br>
+      <code>User chrapach</code><br>
+      <code>Group chrapach<br>
+      <br>
+      /etc/init.d/apache restart<br>
+      ...<br>
+      /etc/init.d/apache stop</code></p>
+  </li>
+  <li> 
+    <p>Install<code> makejail</code> (available in Debian/testing for now). You 
+      should also also <code>wget</code> et <code>lynx</code> as they are used 
+      by <code>makejail</code> to test the chrooted server.<br>
+      <br>
+      <code>apt-get install makejail wget lynx</code></p>
+  </li>
+  <li> 
+    <p>Copy the sample config file for Apache.<br>
+      <br>
+      <code>cp /usr/share/doc/makejail/examples/apache.py /etc/makejail.d/</code></p>
+  </li>
+  <li> 
+    <p> Edit <code>/etc/makejail.d/apache.py</code>. You need to set the <code>chroot</code>, 
+      <code>users</code> and <code>groups</code> options. To run this version 
+      of <code>makejail</code>, I also added a <code>packages</code> option. See 
+      the <a href="http://www.floc.net/makejail/current/doc/"><code>makejail</code> 
+      doc</a>. Here is the content of my file&nbsp;:</p>
+    <pre>
+chroot=&quot;/var/chroot/apache&quot;
+testCommandsInsideJail=[&quot;/usr/sbin/apachectl start&quot;]
+processNames=[&quot;apache&quot;]
+testCommandsOutsideJail=[&quot;wget -r --spider http://localhost/&quot;,
+                         &quot;lynx --source https://localhost/&quot;]
+preserve=[&quot;/var/www&quot;,
+          &quot;/var/log/apache&quot;,
+          &quot;/dev/log&quot;]
+users=[&quot;chrapach&quot;]
+groups=[&quot;chrapach&quot;]
+packages=[&quot;apache&quot;, &quot;apache-common&quot;]
+userFiles=[&quot;/etc/password&quot;,
+           &quot;/etc/shadow&quot;]
+groupFiles=[&quot;/etc/group&quot;,
+            &quot;/etc/gshadow&quot;]
+forceCopy=[&quot;/etc/hosts&quot;,
+           &quot;/etc/mime.types&quot;]
+</pre>
+    <p><i>TODO: some options do not seem to work properly. For instance, <code>/etc/shadow</code> 
+      and<code>/etc/gshadow</code> are not copied, whereas <code>/etc/password</code> 
+      et <code>/etc/group</code> are fully copied instead of being filtered. </i></p>
+  </li>
+  <li> 
+    <p>Create the chroot tree:<br>
+      <br>
+      <code>makejail /etc/makejail.d/apache.py</code></p>
+  </li>
+  <li> 
+    <p>If <code>/etc/password</code> and <code>/etc/group</code> were fully copied, 
+      type:<br>
+      <br>
+      <code>grep chrapach /etc/passwd &gt; /var/chroot/apache/etc/passwd<br>
+      grep chrapach /etc/group &gt; /var/chroot/apache/etc/group</code><br>
+      <br>
+      to replace them with filtered copies.</p>
+  </li>
+  <li> 
+    <p>Copy the Web site pages and the logs into the jail. These files are not 
+      copied automatically (see the <code>preserve</code> option in the config 
+      file).<br>
+      <br>
+      <code>cp -Rp /var/www /var/chroot/apache/var<br>
+      cp -Rp /var/log/apache/*.log /var/chroot/apache/var/log/apache</code><br>
+    </p>
+  </li>
+  <li> 
+    <p>Edit the startup script for the system logging daemon so that it also listen 
+      to the <code>/var/chroot/apache/dev/log</code> socket. In <code>/etc/init.d/sysklogd</code>, 
+      replace:<br>
+      <br>
+      <code>SYSLOGD=&quot;&quot;</code><br>
+      <br>
+      with<br>
+      <br>
+      <code>SYSLOGD=&quot; -a /var/chroot/apache/dev/log&quot;</code><br>
+      <br>
+      and restart the daemon (<code>/etc/init.d/sysklogd restart</code>).</p>
+  </li>
+  <li> 
+    <p>Edit the Apache startup script (<code>/etc/init.d/apache</code>). I had 
+      to hack the default startup script for it to run properly with a chrooted 
+      tree. You need to:</p>
+    <ul>
+      <li>set a new <code>CHRDIR</code> variable at the top of the file;</li>
+      <li>edit the <code>start</code>, <code>stop</code>, <code>reload</code>, 
+        etc. sections;</li>
+      <li> 
+        <p>add a line to mount and unmount a<code>/proc</code> tree within the 
+          jail. </p>
+      </li>
+    </ul>
+    <p>See <a href="start-apache.sh">my file</a>. <br>
+      <i>TODO: should the first Apache process be run as another user than root 
+      (i.e. add --chuid chrapach:chrapach)? Cons: chrapach will need write access 
+      to the logs, which is awkward.</i></p>
+  </li>
+  <li> 
+    <p>In <code>/etc/logrotate.d/apache</code>, replace<br>
+      <br>
+      <code>/var/log/apache/*.log</code><br>
+      <br>
+      with<br>
+      <br>
+      <code>/var/chroot/apache/var/log/apache/*.log</code><br>
+    </p>
+  </li>
+  <li> 
+    <p>Start Apache (<code>/etc/init.d/apache start</code>) and check what is 
+      it reported in the jail log (<code>/var/chroot/apache/var/log/apache/error.log</code>). 
+      If your setup is more complex, (eg. if you also use PHP and MySQL), files 
+      will probably be missing. if some files are not copied automatically by 
+      <code>makejail</code>, you can list them in the <code>forceCopy</code> option 
+      in <code>/etc/makejail.d/apache.py</code>. </p>
+  </li>
+  <li> 
+    <p>Type &quot;<code>ps aux | grep apache</code>&quot; to make sure Apache 
+      is running. You should see:<br>
+      <br>
+      <code>root 180 0.0 1.1 2936 1436 ? S 04:03 0:00 /usr/sbin/apache<br>
+      chrapach 189 0.0 1.1 2960 1456 ? S 04:03 0:00 /usr/sbin/apache<br>
+      chrapach 190 0.0 1.1 2960 1456 ? S 04:03 0:00 /usr/sbin/apache<br>
+      chrapach 191 0.0 1.1 2960 1456 ? S 04:03 0:00 /usr/sbin/apache<br>
+      chrapach 192 0.0 1.1 2960 1456 ? S 04:03 0:00 /usr/sbin/apache<br>
+      chrapach 193 0.0 1.1 2960 1456 ? S 04:03 0:00 /usr/sbin/apache</code></p>
+  </li>
+  <li> Make sure the Apache processes are running chrooted&nbsp;:<br>
+    <br>
+    <code>ls -la /proc/<i>process_number</i>/root/.</code><br>
+    <br>
+    where <i>process</i> is one of the PID numbers listed above (2nd column; 189 
+    for instance). Entries for a restricted tree should be listed:<br>
+    <br>
+    <code>drwxr-sr-x 10 root staff 240 Dec 2 16:06 .<br>
+    drwxrwsr-x 4 root staff 72 Dec 2 08:07 ..<br>
+    drwxr-xr-x 2 root root 144 Dec 2 16:05 bin<br>
+    drwxr-xr-x 2 root root 120 Dec 3 04:03 dev<br>
+    drwxr-xr-x 5 root root 408 Dec 3 04:03 etc<br>
+    drwxr-xr-x 2 root root 800 Dec 2 16:06 lib<br>
+    dr-xr-xr-x 43 root root 0 Dec 3 05:03 proc<br>
+    drwxr-xr-x 2 root root 48 Dec 2 16:06 sbin<br>
+    drwxr-xr-x 6 root root 144 Dec 2 16:04 usr<br>
+    drwxr-xr-x 7 root root 168 Dec 2 16:06 var<br>
+    <br>
+    </code>To automate this test, you can type:<code><br>
+    <br>
+    ls -la /proc/`cat /var/chroot/apache/var/run/apache.pid`/root/.<br>
+    <br>
+    </code> <i>TODO: other tests that can be run to make sure the jail is closed?</i><code><br>
+    </code></li>
+</ol>
+<p><b>Why I like this script</b>: setting up the jail is not very difficult and 
+  the server can be updated in 2&nbsp;lines:</p>
+<blockquote> 
+  <p><code>apt-get update &amp;&amp; apt-get install apache</code><br>
+    <code>makejail /etc/makejail.d/apache.py</code> </p>
+</blockquote>
+<h2>See also</h2>
+<ul>
+  <li><a href="http://www.floc.net/makejail/"><code>makejail</code> homepage</a> 
+    (this script was written by Alain T&eacute;sio)</li>
+  <li><a href="http://www.easter-eggs.org/article242.html">Bind9 chroot&eacute; 
+    avec <code>makejail</code></a>, Pascal Brugier, easter-eggs.org, 21/03/2002</li>
+  <li><a href="http://www.networkdweebs.com/chroot.html">Chrooting daemons and 
+    system processes</a>, jonathan, Network Dweebs, 21/10/2002</li>
+  <li><a href="http://www.digitaltoad.net/docs/guide/secure_rh/chap29sec254.html">Apache 
+    in a chroot jail</a>, <i>Securing and Optimizing Linux</i>, Gerhard Mourani, 
+    2000 </li>
+</ul>
+<hr>
+<p>
+$Id: index-en.html,v 1.8 2003/08/29 07:56:20 alex Exp $
+ <br>
+Available at  http://www.gabuzomeu.net/alex/doc/apache/index-en.html
+</body>
+</html>
--- makejail-0.0.5.orig/examples/start-apache.sh
+++ makejail-0.0.5/examples/start-apache.sh
@@ -0,0 +1,81 @@
+#! /bin/bash
+#
+# apache	Start the apache HTTP server.
+#
+
+CHRDIR=/var/chroot/apache
+
+NAME=apache
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+DAEMON=/usr/sbin/apache
+SUEXEC=/usr/lib/apache/suexec
+PIDFILE=/var/run/$NAME.pid
+CONF=/etc/apache/httpd.conf
+APACHECTL=/usr/sbin/apachectl 
+
+trap "" 1
+export LANG=C
+export PATH
+
+test -f $DAEMON || exit 0
+test -f $APACHECTL || exit 0
+
+# ensure we don't leak environment vars into apachectl
+APACHECTL="env -i LANG=${LANG} PATH=${PATH} $APACHECTL"
+
+if egrep -q -i "^[[:space:]]*ServerType[[:space:]]+inet" $CONF
+then
+    exit 0
+fi
+
+case "$1" in
+  start)
+    echo -n "Starting web server: $NAME"
+    mount -t proc proc /var/chroot/apache/proc
+    start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON \
+	--chroot $CHRDIR
+    ;;
+
+  stop)
+    echo -n "Stopping web server: $NAME"
+    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" --oknodo
+    umount /var/chroot/apache/proc
+    ;;
+
+  reload)
+    echo -n "Reloading $NAME configuration"
+    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" \
+	--signal USR1 --startas $DAEMON --chroot $CHRDIR
+    ;;
+
+  reload-modules)
+    echo -n "Reloading $NAME modules"
+    start-stop-daemon --stop --pidfile "$CHRDIR/$PIDFILE" --oknodo \
+	--retry 30
+    start-stop-daemon --start --pidfile $PIDFILE \
+	--exec $DAEMON --chroot $CHRDIR
+    ;;
+
+  restart)
+    $0 reload-modules
+    exit $?
+    ;;
+
+  force-reload)
+    $0 reload-modules
+    exit $?
+    ;;
+
+  *)
+    echo "Usage: /etc/init.d/$NAME {start|stop|reload|reload-modules|force-reload|restart}"
+    exit 1
+    ;;
+esac
+
+if [ $? == 0 ]; then
+	echo .
+	exit 0
+else
+	echo failed
+	exit 1
+fi
--- makejail-0.0.5.orig/examples/sshd.py
+++ makejail-0.0.5/examples/sshd.py
@@ -1,15 +1,16 @@
 # Makejail configuration file for sshd
 # 
-# Created by Javier Fernandez-sanguino Pe�a  <jfs@computer.org>
+# Created by Javier Fernandez-sanguino <jfs@computer.org>
 # Thu, 29 Aug 2002 23:44:51 +0200
 #
 chroot="/var/chroot/sshd"
 forceCopy=["/etc/ssh/ssh_host*","/etc/ssh/sshd*","/etc/ssh/moduli",
 	"/etc/pam.conf","/etc/security/*","/etc/pam.d/ssh","/etc/pam.d/other",
+	"/etc/pam.d/common*",
 	"/etc/hosts","/etc/nsswitch.conf",
 	"/var/run/sshd","/lib/security/*",
 	"/etc/shells", "/etc/nologin","/etc/environment","/etc/motd",
-	"/etc/shadow","/etc/hosts*",
+	"/etc/shadow","/etc/hosts*", 
 	"/bin/*sh", "/lib/libnss*",
 	"/dev/pt*","/dev/ttyp[0-9]*"]
 
@@ -48,11 +49,13 @@
 #
 # 4.- Create the user directories under /home and copy their files there
 #
-# 5.- Users will not be able to a single thing in the restricted environment
+# 5.- Users will not be able to do a single thing in the restricted environment
 #     besides running their shell. You will have to add some utilities
 #     to the chrooted environement. Try adding this to the configuration
-# packages=["fileutils"]
+# packages=["coreutils"]
 #     You can add any other Debian packages you want users to have access
 #     to.
 # 
-# WARNING: this configuration file has only been slightly tested. not yet thoroughly tested yet.
+# WARNING: this configuration file has only been slightly tested. 
+#          It has not been thoroughly tested yet.
+
--- makejail-0.0.5.orig/examples/bind.py
+++ makejail-0.0.5/examples/bind.py
@@ -1,5 +1,5 @@
 chroot="/var/chroot/bind"
-forceCopy=["/etc/bind/*","/var/cache/bind"]
+forceCopy=["/etc/bind/*","/var/cache/bind","/usr/sbin/rndc"]
 preserve=["/var/cache/bind"]
 testCommandsInsideJail=["start-stop-daemon --start --quiet --pidfile /var/run/named.pid --exec /usr/sbin/named"]
 processNames=["named"]
@@ -17,6 +17,7 @@
 # handle /proc (mount when it starts, unmount when it stops):
 # chroot /var/chroot/apache /bin/mount /proc
 #
-# configure syslog to also listen to the socket /var/chroot/bind/dev/log, restart sysklogd
+# configure syslog to also listen to the socket /var/chroot/bind/dev/log, 
+# restart sysklogd
 
 # tested successfully with bind 9.2.0 on Debian woody
--- makejail-0.0.5.orig/examples/apache.py
+++ makejail-0.0.5/examples/apache.py
@@ -5,14 +5,21 @@
 # Eventually append here the commands which access some services
 # such as cgi or php scripts, database access, ...
 testCommandsOutsideJail=["wget -r --spider http://localhost/",
-						 "lynx --source https://localhost/"]
+			 "lynx --source https://localhost/"]
 
 preserve=["/var/www",
-		  "/var/log/apache",
-		  "/dev/log"]
+	  "/var/log/apache",
+	  "/dev/log"]
 users=["www-data"]
 groups=["www-data"]
 
+userFiles=["/etc/password",
+           "/etc/shadow"]
+groupFiles=["/etc/group",
+            "/etc/gshadow"]
+forceCopy=["/etc/hosts",
+           "/etc/mime.types"]
+
 # launch makejail
 #
 # copy the documents and the logs to the jail
--- makejail-0.0.5.orig/usr/share/lintian/overrides/makejail
+++ makejail-0.0.5/usr/share/lintian/overrides/makejail
@@ -0,0 +1 @@
+makejail: non-standard-dir-in-var var/chroot/