[buildd-tools-devel] [GIT] schroot branch, master, updated. debian/schroot-1.4.11-1-230-ge7a04df
Roger Leigh
rleigh at alioth.debian.org
Sun Dec 5 22:09:12 UTC 2010
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "schroot".
The branch, master has been updated
via e7a04dffec40116170ef21f2a47ca80296b728c1 (commit)
via 86e9f85c045d6803107a90c3601221430a722cf5 (commit)
via 8d57c6c6a741812c440ae58cfd136178db040191 (commit)
via eed74e4f2d13872c57713f10418bc57d845e6480 (commit)
via 0a67ef07ece85ad55670fecdc5fcce0ca4396812 (commit)
via 928e83043baa1e7563270347079e0d92987dc703 (commit)
via 94a8f8978a3c38e566a9f4df7bf60dae3744edc9 (commit)
via d5dc7f1e4ea14ec5f9083f7f64f6bfd94747bd89 (commit)
from 023322db3bbf5b8d5e739dc0a80ea95077675fff (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e7a04dffec40116170ef21f2a47ca80296b728c1
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 21:43:29 2010 +0000
man: Document chroot naming restrictions
commit 86e9f85c045d6803107a90c3601221430a722cf5
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 21:36:16 2010 +0000
sbuild::chroot_config: Add comments detailing validation check limitations
commit 8d57c6c6a741812c440ae58cfd136178db040191
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 21:29:14 2010 +0000
sbuild::util: Relax session name restrictions in is_valid_sessionname
Use of is_valid_sessionname:
schroot::options_base (validate user input)
schroot::main_base (actual use of input)
→ session::set_session_id
→ chroot::clone_session
→ chroot_facet_session_clonable::clone_session_setup
→ chroot::set_name
sbuild::chroot (set_name)
sbuild::chroot (set_aliases)
sbuild::chroot_config::add_config_directory (validate filename)
The only function of is_valid_sessionname is to ensure we have a "safe"
session name when writing out a session file and/or making use of that
session name in setup scripts. set_name is the main point of checking;
everything else is just aborting earlier when a good diagnostic can be
issued (e.g. validating options and filenames), but they would hit the
set_name check ultimately if the extra checks weren't present.
Validation requirements:
• no leading dot to allow writing in parent directories
• no slashes to allow writing in subdirectories
• no colons (used as a namespace delimiter, and also LVM snapshot names
can't contain a colon or else lvcreate errors out)
• no commas (we use comma-separated lists in the config file, so alias
names and hence session names can't contain a comma)
A simple regex satisfies all these requirements:
static regex file_namespace("^[^:/,.][^:/,]*$");
static regex debian_dpkg_conffile_cruft("dpkg-(old|dist|new|tmp)$");
if (regex_search(name, file_namespace) &&
!regex_search(name, debian_dpkg_conffile_cruft)) {
match = true;
}
dpkg cruft checks added from is_valid_filename, because these are also
needed for avoiding conffile cruft under /etc/schroot/chroot.d
(previously, the existing restrictions prevented this anyway). So dots
are allowed anywhere except the first position, and ':', '/' and ','
are not permitted anywhere.
commit eed74e4f2d13872c57713f10418bc57d845e6480
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 21:28:03 2010 +0000
sbuild::chroot: Validate set_aliases as for set_name
Use is_valid_sessionname to validate each alias name.
commit 0a67ef07ece85ad55670fecdc5fcce0ca4396812
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 19:08:45 2010 +0000
man: Document security implications of profiles in schroot.conf(5)
commit 928e83043baa1e7563270347079e0d92987dc703
Author: Nelson Elhage <nelhage at mit.edu>
Date: Sun Dec 5 18:44:37 2010 +0000
setup.d: 10mount: Make all mountable chroots respect mount options from configuration
10mount, when computing mount options for some chroot types
(e.g. loopback) overrides the mount options set in config, instead of
using both sets.
For some chroots we were setting mount options inside the script, which
entirely overrode the ones the user passed in. Combine them instead.
Signed-off-by: Roger Leigh <rleigh at debian.org>
commit 94a8f8978a3c38e566a9f4df7bf60dae3744edc9
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Dec 5 18:36:43 2010 +0000
man: Document -- option delimiter
commit d5dc7f1e4ea14ec5f9083f7f64f6bfd94747bd89
Author: Roger Leigh <rleigh at debian.org>
Date: Sun Nov 14 13:43:29 2010 +0000
profiles: Add dbus support to desktop profile
-----------------------------------------------------------------------
Summary of changes:
etc/profile-templates/desktop/freebsd/fstab | 1 +
etc/profile-templates/desktop/linux/fstab | 2 +
etc/setup.d/10mount | 10 +++-----
man/schroot.1.in | 10 +++++++-
man/schroot.conf.5.in | 31 +++++++++++++++++++++++++-
sbuild/sbuild-chroot-config.cc | 7 ++++++
sbuild/sbuild-chroot.cc | 9 +++++++-
sbuild/sbuild-util.cc | 6 +++-
8 files changed, 64 insertions(+), 12 deletions(-)
hooks/post-receive
--
schroot
More information about the Buildd-tools-devel
mailing list