# Install jailkit with Homebrew, apt, MacPorts

Utilities to create limited user accounts in a chroot jail. Version 2.23 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:jailkit
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install jailkit
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install jailkit
```

  Evidence: MacPorts ports tree: security/jailkit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install jailkit
```

  Evidence: Debian stable package indexes: jailkit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

## Package facts

- **Package key:** brew:jailkit
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/jailkit>
- **Version:** 2.23
- **Source summary:** Utilities to create limited user accounts in a chroot jail
- **Homepage:** <https://olivier.sessink.nl/jailkit/>
- **Repository:** <https://cvs.savannah.nongnu.org/viewvc/jailkit>
- **Upstream docs:** <https://olivier.sessink.nl/jailkit>
- **License:** BSD-3-Clause AND LGPL-2.0-or-later
- **Source archive:** <https://olivier.sessink.nl/jailkit/jailkit-2.23.tar.bz2>
- **Generated:** 2026-07-09T07:20:21+00:00

## Executables

- jk_check (cli)
- jk_chrootlaunch (cli)
- jk_chrootsh (cli)
- jk_cp (cli)
- jk_init (cli)
- jk_jailuser (cli)
- jk_list (cli)
- jk_lsh (cli)
- jk_socketd (cli)
- jk_uchroot (cli)
- jk_update (cli)
- jk_check (alias)
- jk_chrootlaunch (alias)
- jk_chrootsh (alias)
- jk_cp (alias)
- jk_init (alias)
- jk_jailuser (alias)
- jk_list (alias)
- jk_lsh (alias)
- jk_socketd (alias)
- jk_uchroot (alias)
- jk_update (alias)

## Dependencies

- python@3.14

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-09
- Package-manager version: 2.23
- Local data: ok
- Upstream repository: https://olivier.sessink.nl/jailkit/
- info: No package-manager update timestamp was available.
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

Jailkit is a Unix security toolkit for creating and maintaining chroot jails for users, shells, and daemons. It is an older, conservative package whose value is automation around a risky primitive: `chroot`.

### Project history

The project page and man page credit Olivier Sessink and carry copyright years beginning in 2003. Jailkit was built to automate repeated chroot setup tasks, including copying binaries and libraries into a jail, limiting commands through a restricted shell, checking jail integrity, and forwarding logs from inside a jail.

The project has stayed intentionally narrow. The homepage emphasizes stable, security-focused behavior: utilities abort when configuration or environment checks are not secure, and syslog messages explain what failed. Maintenance releases in 2019 and 2021 focused on Python 3 compatibility, `jk_update`, `jk_init`, and man-page cleanup rather than broad feature expansion.

### Adoption history

The homepage states that Jailkit is used in network security appliances, large enterprise and ISP internet servers, smaller companies, and private deployments for securing CVS, SFTP, shell, and daemon processes. Homebrew API data available during this enrichment recorded 142 installs over 365 days, which matches a specialized system-administration tool with long tail usage.

### How it is used

Administrators use Jailkit to initialize a jail, copy only the commands and libraries needed for a task, move users into the jail, restrict allowed commands through `jk_lsh`, and check common jail security mistakes with `jk_check`. The man page stresses that writable system directories, setuid programs, and root privileges inside a jail can defeat the intended isolation.

### Why package nerds care

Jailkit matters to package nerds because it packages institutional Unix hardening lore into named commands: `jk_init`, `jk_cp`, `jk_chrootsh`, `jk_lsh`, `jk_jailuser`, `jk_check`, and friends. It is not glamorous, but it turns chroot from a hand-built directory-tree ritual into repeatable system administration.

### Timeline

- 2003: Project copyright and man-page history begin under Olivier Sessink.
- 2019: Jailkit 2.21 added full Python 3 compatibility and removed the long-deprecated `jk_addjailuser` utility.
- 2021: Jailkit 2.22 fixed Python 3 compatibility in `jk_update` and improved `jk_init.ini` defaults.
- 2021: Jailkit 2.23 fixed `jk_init` edge cases and cleaned up man-page locations.
- 2026: The project page documented non-exposure to CVE-2026-23268/CVE-2026-23269 because Jailkit exits when required system calls fail or are not permitted.

### Related projects

- Jailkit is related to the Unix `chroot(2)` facility, OpenSSH restricted SFTP setups, limited shells, rsync/scp/CVS jail deployments, and OS-level isolation mechanisms. Unlike containers, its focus is small, explicit filesystem jails for accounts and daemons.

### Sources

- <https://cvs.savannah.nongnu.org/viewvc/jailkit>
- <https://formulae.brew.sh/api/formula/jailkit.json>
- <https://olivier.sessink.nl/jailkit/>
- <https://olivier.sessink.nl/jailkit/jailkit.8.html>
- <https://savannah.nongnu.org/projects/jailkit>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/jailkit/, JAIL/etc/jailkit/
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** jailkit
- **Version Scheme:** 0
- **Revision:** 1
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - jailkit - 2.23-2+b1: normalized package name match | Debian stable package indexes: jailkit from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | tools to generate chroot jails easily | https://olivier.sessink.nl/jailkit/
- Ubuntu apt - jailkit - 2.23-2: normalized package name match | Ubuntu 24.04 LTS package indexes: jailkit from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | tools to generate chroot jails easily | https://olivier.sessink.nl/jailkit/
- MacPorts - jailkit: normalized package name match | MacPorts ports tree: security/jailkit/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [fence](https://www.automicvault.com/pkg/brew/fence/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [libseccomp](https://www.automicvault.com/pkg/brew/libseccomp/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [bubblewrap](https://www.automicvault.com/pkg/brew/bubblewrap/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [chkrootkit](https://www.automicvault.com/pkg/brew/chkrootkit/) - Shares av.db curated category or tags: cli, security, unix.
- [duo_unix](https://www.automicvault.com/pkg/brew/duo-unix/) - Shares av.db curated category or tags: cli, security, unix.
- [john](https://www.automicvault.com/pkg/brew/john/) - Shares av.db curated category or tags: cli, security, unix.
- [landrun](https://www.automicvault.com/pkg/brew/landrun/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [nono](https://www.automicvault.com/pkg/brew/nono/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [name-that-hash](https://www.automicvault.com/pkg/brew/name-that-hash/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, python, python-3-14, security, system.
- [rush](https://www.automicvault.com/pkg/brew/rush/) - Security-sensitive metadata or terminology overlaps. Shared terms: administration, cli, security, system, system-administration.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, python, python-3-14, security.

## Combined YAML source

View the package source record on GitHub. [combined/jailkit.yml](https://github.com/automic-vault/db/blob/main/combined/jailkit.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
