macOS
brew install jailkitlocal Homebrew formula metadata
sudo port install jailkitMacPorts ports tree · security/jailkit/Portfile · source: api.github.com
brew
Utilities to create limited user accounts in a chroot jail. Version 2.23 via Homebrew; verified from local package data.
install
brew install jailkitlocal Homebrew formula metadata
sudo port install jailkitMacPorts ports tree · security/jailkit/Portfile · source: api.github.com
sudo apt install jailkitDebian stable package indexes · jailkit · source: deb.debian.org
overview
Utilities to create limited user accounts in a chroot jail
history
Jailkit is a Unix security toolkit for creating and maintaining chroot jails for users, shells, and daemons. It is an older, conservative package whose value is automation around a risky primitive: `chroot`.
The project page and man page credit Olivier Sessink and carry copyright years beginning in 2003. Jailkit was built to automate repeated chroot setup tasks, including copying binaries and libraries into a jail, limiting commands through a restricted shell, checking jail integrity, and forwarding logs from inside a jail.
The project has stayed intentionally narrow. The homepage emphasizes stable, security-focused behavior: utilities abort when configuration or environment checks are not secure, and syslog messages explain what failed. Maintenance releases in 2019 and 2021 focused on Python 3 compatibility, `jk_update`, `jk_init`, and man-page cleanup rather than broad feature expansion.
The homepage states that Jailkit is used in network security appliances, large enterprise and ISP internet servers, smaller companies, and private deployments for securing CVS, SFTP, shell, and daemon processes. Homebrew API data available during this enrichment recorded 142 installs over 365 days, which matches a specialized system-administration tool with long tail usage.
Administrators use Jailkit to initialize a jail, copy only the commands and libraries needed for a task, move users into the jail, restrict allowed commands through `jk_lsh`, and check common jail security mistakes with `jk_check`. The man page stresses that writable system directories, setuid programs, and root privileges inside a jail can defeat the intended isolation.
Jailkit matters to package nerds because it packages institutional Unix hardening lore into named commands: `jk_init`, `jk_cp`, `jk_chrootsh`, `jk_lsh`, `jk_jailuser`, `jk_check`, and friends. It is not glamorous, but it turns chroot from a hand-built directory-tree ritual into repeatable system administration.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
/etc/jailkit/JAIL/etc/jailkit/executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
jk_check | cli | global executable | |
jk_chrootlaunch | cli | global executable | |
jk_chrootsh | cli | global executable | |
jk_cp | cli | global executable | |
jk_init | cli | global executable | |
jk_jailuser | cli | global executable | |
jk_list | cli | global executable | |
jk_lsh | cli | global executable | |
jk_socketd | cli | global executable | |
jk_uchroot | cli | global executable | |
jk_update | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://olivier.sessink.nl/jailkit/
install metadata
| Package key | brew:jailkit |
|---|---|
| Version | 2.23 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/jailkit |
| Homepage | https://olivier.sessink.nl/jailkit/ |
| Repository | https://cvs.savannah.nongnu.org/viewvc/jailkit |
| Upstream docs | https://olivier.sessink.nl/jailkit |
| License | BSD-3-Clause AND LGPL-2.0-or-later |
| Source archive | https://olivier.sessink.nl/jailkit/jailkit-2.23.tar.bz2 |
| Dependencies | python@3.14 |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | jailkit |
| Version Scheme | 0 |
| Revision | 1 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
jailkit 2.23-2+b1
tools to generate chroot jails easily
https://olivier.sessink.nl/jailkit/
sudo apt install jailkitjailkit 2.23-2
tools to generate chroot jails easily
https://olivier.sessink.nl/jailkit/
sudo apt install jailkitjailkit
sudo port install jailkitsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.