Automic VaultAutomic Vault

brew

Install jailkit with Homebrew, apt, MacPorts

Utilities to create limited user accounts in a chroot jail. Version 2.23 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install jailkit

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install jailkit

MacPorts ports tree · security/jailkit/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install jailkit

Debian stable package indexes · jailkit · source: deb.debian.org

overview

Package summary

Utilities to create limited user accounts in a chroot jail

Commands and aliases

  • jk_check
  • jk_chrootlaunch
  • jk_chrootsh
  • jk_cp
  • jk_init
  • jk_jailuser
  • jk_list
  • jk_lsh
  • jk_socketd
  • jk_uchroot
  • jk_update

history

Project history and usage

Jailkit is a Unix security toolkit for creating and maintaining chroot jails for users, shells, and daemons. It is an older, conservative package whose value is automation around a risky primitive: `chroot`.

Project history

The project page and man page credit Olivier Sessink and carry copyright years beginning in 2003. Jailkit was built to automate repeated chroot setup tasks, including copying binaries and libraries into a jail, limiting commands through a restricted shell, checking jail integrity, and forwarding logs from inside a jail.

The project has stayed intentionally narrow. The homepage emphasizes stable, security-focused behavior: utilities abort when configuration or environment checks are not secure, and syslog messages explain what failed. Maintenance releases in 2019 and 2021 focused on Python 3 compatibility, `jk_update`, `jk_init`, and man-page cleanup rather than broad feature expansion.

Adoption history

The homepage states that Jailkit is used in network security appliances, large enterprise and ISP internet servers, smaller companies, and private deployments for securing CVS, SFTP, shell, and daemon processes. Homebrew API data available during this enrichment recorded 142 installs over 365 days, which matches a specialized system-administration tool with long tail usage.

How it is used

Administrators use Jailkit to initialize a jail, copy only the commands and libraries needed for a task, move users into the jail, restrict allowed commands through `jk_lsh`, and check common jail security mistakes with `jk_check`. The man page stresses that writable system directories, setuid programs, and root privileges inside a jail can defeat the intended isolation.

Why package nerds care

Jailkit matters to package nerds because it packages institutional Unix hardening lore into named commands: `jk_init`, `jk_cp`, `jk_chrootsh`, `jk_lsh`, `jk_jailuser`, `jk_check`, and friends. It is not glamorous, but it turns chroot from a hand-built directory-tree ritual into repeatable system administration.

Timeline

  • 2003: Project copyright and man-page history begin under Olivier Sessink.
  • 2019: Jailkit 2.21 added full Python 3 compatibility and removed the long-deprecated `jk_addjailuser` utility.
  • 2021: Jailkit 2.22 fixed Python 3 compatibility in `jk_update` and improved `jk_init.ini` defaults.
  • 2021: Jailkit 2.23 fixed `jk_init` edge cases and cleaned up man-page locations.
  • 2026: The project page documented non-exposure to CVE-2026-23268/CVE-2026-23269 because Jailkit exits when required system calls fail or are not permitted.

Related projects

  • Jailkit is related to the Unix `chroot(2)` facility, OpenSSH restricted SFTP setups, limited shells, rsync/scp/CVS jail deployments, and OS-level isolation mechanisms. Unlike containers, its focus is small, explicit filesystem jails for accounts and daemons.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/etc/jailkit/JAIL/etc/jailkit/

executables

Installed executables

CommandKindExposureNote
jk_checkcliglobal executable
jk_chrootlaunchcliglobal executable
jk_chrootshcliglobal executable
jk_cpcliglobal executable
jk_initcliglobal executable
jk_jailusercliglobal executable
jk_listcliglobal executable
jk_lshcliglobal executable
jk_socketdcliglobal executable
jk_uchrootcliglobal executable
jk_updatecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.23
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://olivier.sessink.nl/jailkit/

  • infoNo package-manager update timestamp was available.low confidence
  • infoRelease/tag comparison is only available for GitHub repositories.https://olivier.sessink.nl/jailkit/none confidence

install metadata

Package metadata

Package keybrew:jailkit
Version2.23
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/jailkit
Homepagehttps://olivier.sessink.nl/jailkit/
Repositoryhttps://cvs.savannah.nongnu.org/viewvc/jailkit
Upstream docshttps://olivier.sessink.nl/jailkit
LicenseBSD-3-Clause AND LGPL-2.0-or-later
Source archivehttps://olivier.sessink.nl/jailkit/jailkit-2.23.tar.bz2
Dependenciespython@3.14
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namejailkit
Version Scheme0
Revision1
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

jailkit 2.23-2+b1

tools to generate chroot jails easily

https://olivier.sessink.nl/jailkit/

sudo apt install jailkit
  • Section: utils
  • Architecture: amd64
  • Source Package: jailkit
  • 2 dependencies
  • normalized package name match
  • Matched by: Jailkit
Debian stable package indexes · deb.debian.org · Debian stable package indexes: jailkit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt95%

jailkit 2.23-2

tools to generate chroot jails easily

https://olivier.sessink.nl/jailkit/

sudo apt install jailkit
  • Section: universe/utils
  • Architecture: amd64
  • 2 dependencies
  • normalized package name match
  • Matched by: Jailkit
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: jailkit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
MacPorts95%

jailkit

sudo port install jailkit
  • normalized package name match
  • Matched by: Jailkit
MacPorts ports tree · api.github.com · MacPorts ports tree: security/jailkit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment