bugzilla #164441 (mock-helper and basedir)

[Clark Williams]

Hi all, 

I've been looking at how to change mock  so that the build chroot's can
be placed at arbitrary locations (as opposed to the current
hardcoded /var/lib/mock). The main reason I want to do this is that I
build target root filesystems for embedded targets in our compile farm
and we use a big NFS filesystem as our main storage. I can access the
build directory and our cross-toolchains from any system in our farm and
nothing that's specific to a build is on any farm system (I can
kickstart it at will and not lose anything). Yes, we've successfully
redirected /var/lib/mock to the NFS storage with a mount --bind but I
just find that kinda scary. I'm just not very confident in remounting an
NFS filesystem to a local filesystem. The bottom line is that I'd like
to remove dependencies on the build system's local filesystem and move
it all to the NFS storage.

So, the problem seems to be how to modify mock-helper so that it allows
the move, yet doesn't become a handy-dandy-attack-point for some cracker
wannabe. 

Can we say that the following is true?

"The mock-helper program always begins execution *outside* of a chroot
and is the only mechanism mock uses to *enter* a chroot."

If so, then we can check to insure that the intended chroot directory:

1. Is not '/'
2. Is not a symlink to '/'
3. Is not in a list of special directories (/bin, /sbin, /lib, etc.)

Are we "safe" if we insure that whatever command is executed by
mock-helper is executed in a chroot directory that does not contain a
system critical component?

Clark

-- 
Clark Williams <williams at redhat.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20060224/9f33912f/attachment.sig>