Having issue when sftp is used to jail users, the cli is working correctly as it should be.
Debug information from the user 'jailed' where the only allowed folder is /home/jailed
Jan 8 11:09:31 server01 sshd[2138]: Accepted password for jailed from 192.168.235.9 port 55079 ssh2
Jan 8 11:09:31 server01 sshd[2138]: pam_unix(sshd:session): session opened for user jailed by (uid=0)
Jan 8 11:09:31 server01 jsh[2144]: setenv: SCPEXEC=1
Jan 8 11:09:31 server01 jsh[2144]: setenv: SCPDIR=/home/public:/etc/crypto-policies/back-ends
Jan 8 11:09:31 server01 jsh[2144]: setenv: SFTP_SERVER=/usr/libexec/openssh/sftp-server
Jan 8 11:09:31 server01 jsh[2144]: setenv: alias_ls=ls -a --color=auto
Jan 8 11:09:31 server01 jsh[2144]: setenv: alias_grep=grep --color=auto
Jan 8 11:09:31 server01 jsh[2144]: HOMEJAIL enabled on /home/jailed
Jan 8 11:09:31 server01 jsh[2144]: get SSH_CLIENT = 192.168.235.9 55079 22
Jan 8 11:09:31 server01 jsh[2144]: get SSH_PORT = 22
Jan 8 11:09:31 server01 jsh[2144]: -c '/usr/libexec/openssh/sftp-server'
Jan 8 11:09:31 server01 jsh[2144]: exec [/usr/libexec/openssh/sftp-server] mode [2]
Jan 8 11:09:31 server01 jsh[2144]: Start tracing /usr/libexec/openssh/sftp-server
Jan 8 11:09:31 server01 jsh[2144]: injail triggered by openat("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libdl.so.2", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libutil.so.1", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libutil.so.1", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libz.so.1", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libcrypt.so.1", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libcrypt.so.1", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libresolv.so.2", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libselinux.so.1", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libpthread.so.0", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libpcre2-8.so.0", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: '/proc/' is not any subdir of '/home/jailed'
Jan 8 11:09:31 server01 jsh[2144]: '/proc/' is not any subdir of '/home/public:/etc/crypto-policies/back-ends'
Jan 8 11:09:31 server01 jsh[2144]: deny openat("/proc/filesystems", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: redirect: openat("/proc/filesystems", O_RDONLY|O_CLOEXEC <0x80000>) = -13
Jan 8 11:09:31 server01 jsh[2144]: '/proc/' is not any subdir of '/home/jailed'
Jan 8 11:09:31 server01 jsh[2144]: '/proc/' is not any subdir of '/home/public:/etc/crypto-policies/back-ends'
Jan 8 11:09:31 server01 jsh[2144]: deny openat("/proc/mounts", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: redirect: openat("/proc/mounts", O_RDONLY|O_CLOEXEC <0x80000>) = -13
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/proc/sys/crypto/fips_enabled", O_RDONLY <0x0>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/proc/sys/crypto/fips_enabled", O_RDONLY <0x0>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/dev/null", O_RDWR <0x2>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/dev/null", O_RDWR <0x2>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/etc/pki/tls/openssl.cnf", O_RDONLY <0x0>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/pki/tls/openssl.cnf", O_RDONLY <0x0>) = 3
Jan 8 11:09:31 server01 jsh[2144]: get abs full '/etc/crypto-policies/back-ends/opensslcnf.config'=>'/etc/crypto-policies/back-ends/opensslcnf.config'
Jan 8 11:09:31 server01 jsh[2144]: stat("/etc/crypto-policies/back-ends/opensslcnf.config") = 0
Jan 8 11:09:31 server01 jsh[2144]: '/etc/crypto-policies/back-ends/' is not any subdir of '/home/jailed'
Jan 8 11:09:31 server01 jsh[2144]: '/etc/crypto-policies/back-ends/' is subdir of '/etc/crypto-policies/back-ends/'
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/crypto-policies/back-ends/opensslcnf.config", O_RDONLY <0x0>) = 4
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/lib64/libnss_files.so.2", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: bypass openat("/etc/passwd", O_RDONLY|O_CLOEXEC <0x80000>)
Jan 8 11:09:31 server01 jsh[2144]: openat("/etc/passwd", O_RDONLY|O_CLOEXEC <0x80000>) = 3
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: stat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: openat("ÿÿÿÿÿÿÿÿ", O_RDONLY|O_CLOEXEC|O_DIRECTORY <0x90800>) = 3
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: lstat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: '/home/jailed/' is subdir of '/home/jailed/'
Jan 8 11:09:31 server01 jsh[2144]: openat("ÿÿÿÿÿÿÿÿ", O_RDONLY|O_CLOEXEC <0x80000>) = 4
Jan 8 11:09:31 server01 jsh[2144]: '/home/jailed/' is subdir of '/home/jailed/'
Jan 8 11:09:31 server01 jsh[2144]: openat("ÿÿÿÿÿÿÿÿ", O_RDONLY|O_CLOEXEC <0x80000>) = 4
Jan 8 11:09:31 server01 jsh[2144]: '/home/jailed/' is subdir of '/home/jailed/'
Jan 8 11:09:31 server01 jsh[2144]: openat("ÿÿÿÿÿÿÿÿ", O_RDONLY|O_CLOEXEC <0x80000>) = 4
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: lstat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: stat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: lstat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: get abs full 'ÿÿÿÿÿÿÿÿ'=>'/home/jailed/ÿÿÿÿÿÿÿÿ'
Jan 8 11:09:31 server01 jsh[2144]: stat("ÿÿÿÿÿÿÿÿ") = 0
Jan 8 11:09:31 server01 jsh[2144]: '/home/jailed/' is subdir of '/home/jailed/'
Jan 8 11:09:31 server01 jsh[2144]: openat("ÿÿÿÿÿÿÿÿ", O_RDONLY|O_CLOEXEC <0x80000>) = 4
Jan 8 11:09:31 server01 jsh[2144]: '/home/jailed/' is subdir of '/home/jailed/'