Bug#430765: [Pbuilder-maint] Bug#430765: please add ccache support
Junichi Uekawa
dancer at netfort.gr.jp
Sun Jan 3 23:20:40 UTC 2010
ermm...
Why are you talking about CLONE_NEWPID?
I think you wanted to talk about CLONE_NEWUSER, so that the same UID won't affect anything outside the chroot.
At Sun, 03 Jan 2010 11:36:46 +0900,
Junichi Uekawa wrote:
>
> Hi,
>
> At Sat, 2 Jan 2010 17:39:17 +0100,
> Mike Hommey wrote:
> >
> > On Sat, Jan 02, 2010 at 05:36:47PM +0100, Mike Hommey wrote:
> > > On Sat, Jan 02, 2010 at 05:28:23PM +0100, Loïc Minier wrote:
> > > > On Sat, Jan 02, 2010, Mike Hommey wrote:
> > > > > Shouldn't pbuilder try to use the original user uid ? I, for one, set
> > > > > BUILDUSERID to my own uid...
> > > >
> > > > Oh that would work too; I think I would prefer pbuilder using a
> > > > separate user id since the build might do evil things e.g. killall.
> > >
> > > unshare(CLONE_NEWPID) ?
> >
> > That only works with clone(), not unshare, but you get the idea.
>
> There are two different scenarios:
>
> 1. I want to protect myself from malicious code (set it to some random
> user id). CLONE_NEWPID might be a better idea in this case.
>
> 2. I want to use the same user id inside the chroot too because I
> trust the code (e.g. pdebuild). This shouldn't be CLONE_NEWPID,
> because pdebuild-internal would require access to /home with the
> original PID.
>
>
>
> So, using CLONE_NEWPID would have to be an optional thing.
>
>
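The thread contrasts CLONE_NEWPID with CLONE_NEWUSER as ways to keep a build from touching processes outside the chroot. The following added example (not part of these emails and not pbuilder code) uses clone() to start a child in new user and PID namespaces and reports what that child sees: it is PID 1 and has no visible parent, so a `killall` inside it cannot name any outside process. The names `probe_pid_namespace` and `child_main` are hypothetical, and it assumes a Linux kernel that permits unprivileged user namespaces.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static int report_fd;   /* write end of the pipe, inherited by the child */
/* Runs inside the new namespaces: report the PIDs this process can see. */
static int child_main(void *arg)
{
    (void)arg;
    int ids[2] = { (int)getpid(), (int)getppid() };
    return write(report_fd, ids, sizeof ids) == (ssize_t)sizeof ids ? 0 : 1;
}

/* Returns 0 and fills pid/ppid as seen by the child; -1 if the kernel refuses (e.g. EPERM). */
int probe_pid_namespace(int *pid, int *ppid)
{
    int fds[2], ids[2], rc = -1;
    size_t stack_size = 256 * 1024;
    char *stack = malloc(stack_size);
    if (!stack || pipe(fds) != 0) { free(stack); return -1; }
    report_fd = fds[1];
    /* Assumption: CLONE_NEWUSER is added so an unprivileged caller may request CLONE_NEWPID. */
    pid_t child = clone(child_main, stack + stack_size,
                        CLONE_NEWUSER | CLONE_NEWPID | SIGCHLD, NULL);
    close(fds[1]);
    if (child > 0) {
        if (read(fds[0], ids, sizeof ids) == (ssize_t)sizeof ids) {
            *pid = ids[0]; *ppid = ids[1]; rc = 0;
        }
        waitpid(child, NULL, 0);
    }
    close(fds[0]);
    free(stack);
    return rc;
}

int main(void)
{
    int pid, ppid;
    if (probe_pid_namespace(&pid, &ppid) == 0)
        printf("inside namespace: getpid()=%d getppid()=%d\n", pid, ppid);
    else
        puts("namespace creation not permitted here");
    return 0;
}
```

The PID namespace only hides processes; files reachable from the chroot are still governed by the UID the build runs as.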