[buildd-tools-devel] Bug#795466: Option to add bind-mounts to sbuild

Johannes Schauer josch at debian.org
Thu Dec 24 08:48:08 UTC 2015


Hi,

Quoting Joachim Breitner (2015-12-24 09:45:01)
> On Thursday, 24.12.2015, at 09:41 +0100, Johannes Schauer wrote:
> > which will probably not happen because schroot is supposed to be run as a user
> > but the decision about which mounts are allowed should be left to the
> > superuser. This is currently enforced by only root having the privileges to
> > edit /etc/schroot/chroot.d/*. If a normal user could bind mount whatever they
> > want on demand that would be a security issue.
> 
> bummer, but true. Linux’s all-or-nothing approach to mount security is
> generally a problem, but not one we will solve here...

you might be interested in this:

http://lists.alioth.debian.org/pipermail/buildd-tools-devel/2015-December/010172.html

which is about using Linux namespaces instead of root to do package builds.

cheers, josch